Support SHA-3 family of functions in Hashing

[electrum]

SHA-3 support was added to the JDK in JEP 287. It would be nice to allow using these for hashing and HMAC.

[ritikBhandari]

Hi,
Can I resolve this issue?

[mdindoffer]

I second this. This is the only thing preventing us to migrate from Apache Commons Codec to Guava.

[ritikBhandari]

So we have to add the SHA3 family of functions in com.google.common.hash package or the enum HashFunctionEnum ?

[kevinb9n]

Both -- if anyone's willing to send a PR for this, please search for everywhere you see /sha-?512/i and do something parallel to that.

However, there is a difference: we have users on Java 8 for whom this probably won't work. So we need to make sure the methods like Hashing.sha3_224() fail gracefully (UnsupportedOperationException) every time they're called. The other MessageDigest-backed methods don't have this problem, as the existence of those algorithms is required by the spec.

[ritikBhandari]

Both -- if anyone's willing to send a PR for this, please search for everywhere you see /sha-?512/i and do something parallel to that.

I'll try it @kevinb9n.

please search for everywhere you see /sha-?512/i and do something parallel to that.

Can you elaborate it a little?

[kevinb9n]

Sorry, I'm moving a little too fast here. I did a little more digging and have found that

• though Google has been on JDK 9+ for months no one here is using sha3 or has asked for it; that's a bit odd
• there have been conversations about sha3 not being a very good choice (I will not try to relay any details, being not a security expert)

So, while we might still do it, it will be a longer conversation than I thought. I wouldn't want you to spend time on a PR yet.

I've filed #5990 as alternative (which we also have to consider a bit).