> Why not to use blake2s or even blake2sp? They will be 3-10 times faster than SHA256.
BLAKE2 has not received the same security analysis as BLAKE did because it was not a SHA-3 finalist. BLAKE2 is faster because it uses fewer rounds and drops the round constants.
Also, the speed advantage is only on 64 bit processors. SHA-1 and SHA-256 use 32 bit operations. Of course 32 bit processors are dinosaurs, but the fact is a lot of people are still running 32 bit operating systems on their 64 bit processors. About 30% of people are even still using Windows XP. http://www.netmarketshare.com/operat...10&qpcustomd=0
That said, SHA-1 was probably a poor choice for ZPAQ. I would change it if I wasn't worried about compatibility. I'm not so worried about error detection (CRC32 would be good enough) as much as the possibility of deduplication collisions. I already use SHA-256 for the encryption related functions.