Is SHA-512 safe? It was developed by the NSA...

Is SHA-512 safe? It was developed by the NSA. Could the NSA have developed SHA-512 with vulnerabilities on purpose in order to backdoor easier? Is Veracrypt working with the NSA??


lmao fucking retard

that's not very nice, and doesn't help me at all :( I think you're looking for Sup Forums

leave

>doesn't know what a backdoor is
>uses veracrypt
>uses windows
I think you're the one who is looking for Sup Forums

No, this is not possible. They either decrypt your files which will take years or bruteforce your password.

Seriously though, is SHA-512 a secure hashing algorithm or should I be using SHA3-512 instead?

ok thank you user :) I didn't expect cyber-bullies in here, I thought they were all in Sup Forums

>should I be using SHA3-512 instead

consider SHAKE256 instead my friend.

You use windows. Who cares if the encryption is backdoored because they already have your key. That's why the other user called you a retard

SHA-512 is a botnet. You need to use GNU/SHALALALA-16777216.

>even thinking that you could hide data from nsa
>even thinking

which brings us back to the point what is safe to use (hardware, os, software etc)?

Nice sources m8

MD5 is generally considered the best and it is web standard which works well with PHP

>he doesn't know how to use alta vista to find sources himself
it's 2016 ffs

If you are using Windows they have your key. Use a Linux based operating system with dmcrypt/LUKS.

if you want to hide from nsa/us government paper and pen in a thermite rigged safe
if you want to hide from 2./3. world country linux distribution with luks
if you want to hide from 1337 haxxors and general humans bitlocker

>MD5
susceptible to collision attacks.

Get raped and kill yourself, you retarded fucking faggot sack of shit with down syndrome.

OP and I are gonna stay and there's literally nothing you can do about it.

Cry more

Urafaget

Use TrueCrypt m8
grc.com/misc/truecrypt/truecrypt.htm

Well, I'd probably trust SHA-3 more, but I'd be comfortable with SHA-512 for a while..

The basic design primitives in sha-512 are the same as SHA-1, which is why when some progress was made on cryptanalysis of SHA-1 it was thought that problems in sha-512 would soon be found, but this hasn't happened yet.

So, I'd tentatively trust sha-512 but go for sha-3 when there's an option.

just use MD5 and save this dying planet you unbearable jew

>the pen has tracking software that takes the angle and records it so that the words can be recovered from memory

At present it seems so, except for length-extension (which affects all vanilla Merkle-Damgård constructions). That can in fact be mitigated by using SHA-512 and truncating it to 384 bits.

However, if you're doing something new, pick a new hash instead. Particularly I would suggest BLAKE2b as being an excellent all-rounder that emerged from the aftermath of the SHA-3 competition: more secure than the SHA-2 family, and faster than SHA-2, SHA-1 and even MD5. It really is quite excellent. There's an RFC and high-performance public-domain reference implementations. b2sum is already out there. There's a tree hash as well, although CFRG may specify a more advanced flexible tree hash format (would be nice to replace TTH/THEX wherever it lives, as TIGER192 is really getting on now).

If you need an arbitrary-length output (technically an XOF not a hash), you could also consider SHAKE256, which suggested and is reasonable. We're using that in the Ed448-Goldilocks elliptic curve signature function that CFRG are specifying, because we need a longer output than hashes normally. The Keccak sponge function is quite a bit slower in software than BLAKE/BLAKE2's AVX transforms, but performs well in hardware. I do not however expect CPUs to routinely Keccak blocks in the near future - it has a 1600-bit state, and that's a bit unwieldy for something you rarely use in many cases.

Surprisingly - perhaps, uniquely - it seems the NSA never pulled any stupid bullshit with their hashes. It seems looking back they really did put their best into it, and it was never export-controlled: perhaps because they didn't consider it to be used for encryption, as such. The SHA-0 -> SHA-1 diff (adding a rot) hardened it considerably against the best attack later discovered, although perhaps they weren't aware of the extent. SHA-2 still seems pretty good considering - there is no rush to replace it.

MD5 is broken. Do not use. Same with SHA-1. Results coming soon.