Quiz Entry - updated: 2026.07.14
How was SHA-3 selected, and what is the relationship between SHA-2 and SHA-3?
SHA-3 was selected through a public competition (like AES replaced DES) that ended in 2013. The winner was the Keccak algorithm.
Key facts:
- SHA-2 is fundamentally based on SHA-1's design (Merkle-Damgård construction), so similar attacks were expected eventually
- NIST ran a competition to find a fundamentally different design as a backup
- Keccak won and became SHA-3 — it uses a completely different internal structure (sponge construction)
- SHA-3 can produce 256, 384, or 512 bit outputs, same as SHA-2
- No dramatic new developments are expected in this area for the foreseeable future
Important: SHA-2 is not broken — SHA-3 was created as insurance. Both are currently approved and widely used.
Go deeper:
SHA: Secure Hashing Algorithm (Computerphile) — Mike Pound walks through how a SHA hash is actually computed.
Sponge function (Wikipedia) — the absorb/squeeze construction that makes Keccak/SHA-3 fundamentally different from SHA-2.
SHA-3 (Wikipedia) — the Keccak competition, parameters and how SHA-3 relates to SHA-2.