Jeff, you really should correct a few factual points here: * This whole post is about secure hashes. There's such a thing as an (intentionally) insecure hash function, e.g. cityhash, spookyhash, or murmurhash. In your nomenclature, all hashes are secure, and all insecure hash functions are checksums. This doesn't match the way the words are commonly used, as you can observe by the fact that these three insecure hashes all have "hash" in their name. * Second, as others have pointed out, secure hashes are not designed to be slow. Some are. Most are not. In general, I want SHA1 to be fast, because I use it for lots of things other than hiding passwords. If I have a lot of documents to hash, it's great if I can implement my hash function on the GPU! Indeed, if you look at the SHA3 candidates, you'll see that they're explicitly competing on speed.