上周末在研究加密和签名，这周末在玩 hash，发现一个之前没怎么注意过的问题，我一直凭直觉感觉 SHA-256 会比 SHA-512 快，但实际上在 64-bit 系统上（在一定内存/文件大小等前提下）SHA-512 是会更快的SHA-512 has 25% more rounds than SHA-256. On a 64-bit processor each round takes the same amount of operations, yet can process double the data per round, because the instructions process 64-bit words instead of 32-bit words. Therefore, 2 / 1.25 = 1.6, which is how much faster SHA-512 can be under optimal conditions.

上周末在研究加密和签名，这周末在玩 hash，发现一个之前没怎么注意过的问题，我一直凭直觉感觉 SHA-256 会比 SHA-512 快，但实际上在 64-bit 系统上（在一定内存/文件大小等前提下）SHA-512 是会更快的

SHA-512 has 25% more rounds than SHA-256. On a 64-bit processor each round takes the same amount of operations, yet can process double the data per round, because the instructions process 64-bit words instead of 32-bit words. Therefore, 2 / 1.25 = 1.6, which is how much faster SHA-512 can be under optimal conditions.

https://crypto.stackexchange.com/a/26351

然后我发现很早之前看 BLAKE3 做的速度测试其实就已经体现了这个问题，只是当时光顾着看 BLAKE 完全没注意到 SHA-2 这个细节