Change the cache CryptoHash default from MD5 to SHA256

Certainly you could look at other algorithms, but SHA256 is already the fips alternative.
It makes sense to also add another stronger/faster for algorithm agility at the same time.

----

## Hash Algorithm Benchmark — OpenSSL `speed` across 4 CPUs

### Max hashes/sec @ 16B (smallest objects — per-call ceiling)

| CPU | SHA-NI | SHA-512 hw | MD5 | SHA-256 | SHA-512 | Best |
|---|:---:|:---:|---:|---:|---:|---|
| 9555P (Zen 5, 2024) | ✅ | ✅ | 8.46 M/s | 11.59 M/s | 5.68 M/s | **SHA-256** |
| EPYC 7502P (Zen 2, 2019) | ✅ | ❌ | 3.19 M/s | 3.92 M/s | 1.89 M/s | **SHA-256** |
| Xeon 5218 (Cascade Lake, 2019) | ❌ | ❌ | 3.78 M/s | 2.77 M/s | 2.11 M/s | **MD5** |
| E5-2660v3 (Haswell, 2014) | ❌ | ❌ | 3.11 M/s | 2.15 M/s | 1.51 M/s | **MD5** |

### Bulk throughput @ 16KB (MB/s)

| CPU | SHA-NI | SHA-512 hw | MD5 | SHA-256 | SHA-512 | Best |
|---|:---:|:---:|---:|---:|---:|---|
| 9555P (Zen 5, 2024) | ✅ | ✅ | 951 | 2,107 | 1,223 | **SHA-256** |
| EPYC 7502P (Zen 2, 2019) | ✅ | ❌ | 582 | 1,468 | 531 | **SHA-256** |
| Xeon 5218 (Cascade Lake, 2019) | ❌ | ❌ | 580 | 376 | 559 | **MD5** |
| E5-2660v3 (Haswell, 2014) | ❌ | ❌ | 541 | 291 | 418 | **MD5** |

### Generational speedup vs E5-2660v3 baseline (16KB bulk)

| CPU | MD5 | SHA-256 | SHA-512 |
|---|---:|---:|---:|
| 9555P (Zen 5, 2024) | 1.76× | 7.25× | 2.93× |
| EPYC 7502P (Zen 2, 2019) | 1.08× | 5.05× | 1.27× |
| Xeon 5218 (Cascade Lake, 2019) | 1.07× | 1.29× | 1.34× |
| E5-2660v3 (Haswell, 2014) | 1.00× | 1.00× | 1.00× |

### Key
- **SHA-NI**: hardware SHA-256 acceleration (x86 SHA Extensions)
- **SHA-512 hw**: hardware SHA-512 acceleration (AMD Zen 5+)
- SHA-256 wins on any CPU with SHA-NI, often by 2–2.5× over MD5
- On non-SHA-NI CPUs, **SHA-512 beats SHA-256** in bulk (1.44×) due to 64-bit word size advantage
- MD5 is fastest only on legacy Intel CPUs lacking SHA-NI, and only marginally so vs SHA-512

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change the cache CryptoHash default from MD5 to SHA256 #13129

Hash Algorithm Benchmark — OpenSSL `speed` across 4 CPUs

Max hashes/sec @ 16B (smallest objects — per-call ceiling)

Bulk throughput @ 16KB (MB/s)

Generational speedup vs E5-2660v3 baseline (16KB bulk)

Key

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

CPU	SHA-NI	SHA-512 hw	MD5	SHA-256	SHA-512	Best
9555P (Zen 5, 2024)	✅	✅	8.46 M/s	11.59 M/s	5.68 M/s	SHA-256
EPYC 7502P (Zen 2, 2019)	✅	❌	3.19 M/s	3.92 M/s	1.89 M/s	SHA-256
Xeon 5218 (Cascade Lake, 2019)	❌	❌	3.78 M/s	2.77 M/s	2.11 M/s	MD5
E5-2660v3 (Haswell, 2014)	❌	❌	3.11 M/s	2.15 M/s	1.51 M/s	MD5

CPU	SHA-NI	SHA-512 hw	MD5	SHA-256	SHA-512	Best
9555P (Zen 5, 2024)	✅	✅	951	2,107	1,223	SHA-256
EPYC 7502P (Zen 2, 2019)	✅	❌	582	1,468	531	SHA-256
Xeon 5218 (Cascade Lake, 2019)	❌	❌	580	376	559	MD5
E5-2660v3 (Haswell, 2014)	❌	❌	541	291	418	MD5

CPU	MD5	SHA-256	SHA-512
9555P (Zen 5, 2024)	1.76×	7.25×	2.93×
EPYC 7502P (Zen 2, 2019)	1.08×	5.05×	1.27×
Xeon 5218 (Cascade Lake, 2019)	1.07×	1.29×	1.34×
E5-2660v3 (Haswell, 2014)	1.00×	1.00×	1.00×

Change the cache CryptoHash default from MD5 to SHA256 #13129

Description

Hash Algorithm Benchmark — OpenSSL speed across 4 CPUs

Max hashes/sec @ 16B (smallest objects — per-call ceiling)

Bulk throughput @ 16KB (MB/s)

Generational speedup vs E5-2660v3 baseline (16KB bulk)

Key

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

Hash Algorithm Benchmark — OpenSSL `speed` across 4 CPUs