Tony Arcieri

I can try reverting https://github.com/RustCrypto/hashes/commit/2f45194713e5c9beb56191ca65c3bd0cec91e6cb and stepping through it again

Sounds good to me. I'm all for reducing API surface.

> I notice that we have Blake2b, VarBlake2b, and State in the same module, with overlapping purposes. Similarly we have Hash and Params, but those are only used by State,...

Intel has a paper describing various SIMD implementations of SHA-256 here: https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/sha-256-implementations-paper.pdf Notably they describe these two variants: - `sha256_avx2_rorx2` - `sha256_avx2_rorx8` > The Intel® 64 processors built on 22nm...

bcrypt is a password hashing function. Perhaps those deserve their own toplevel project, as they are functionally different from hash functions (among other things they are PRFs, not hash functions)

nit about "kdf": bcrypt isn't a KDF

Of this list, KangarooTwelve is the only one I'm even remotely interested in.

Sure. It seems like you could put it in the `tiger` crate (possibly feature-gated)

We have an Argon2 implementation here: https://github.com/RustCrypto/password-hashes/tree/master/argon2

If the BLAKE3 team is interested in doing that, we'd love to have it. But they may not want to. They do implement traits from the `crypto-mac` and `digest` crates,...