by blame_lewis 2083 days ago
AES is one of the few that has a pretty good shot at it, yeah. SHA-2 has had its margin eroded significantly over the last 10 years. I'd feel nervous about using it in security-critical applications now, never mind 20 years down the line.

ECB is insecure regardless of which cipher you use. There's no excuse for using it in production applications.

http://valerieaurora.org/hash.html

1 comment
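The ECB point in the post above is easy to show concretely. The following added example (not code from the thread or from any project it mentions) encrypts a constructed record containing repeated 16-byte fields with AES in ECB mode and in CTR mode, then counts repeated ciphertext blocks. The key, IV and plaintext are constructed demo values; Go's standard library deliberately provides no ECB mode, so the block-by-block loop is written out by hand purely to make the leakage visible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed demo key and IV so the example runs offline and deterministically.
// A real system derives the key from a KDF and draws the IV from crypto/rand.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256
var demoIV = []byte("fedcba9876543210")                  // 16 bytes, one block

// DemoPlaintext builds a constructed record of five 16-byte fields, four of
// which are identical. Repeated plaintext blocks are common in real data
// (padding, zeroed fields, repeated identifiers, image backgrounds).
func DemoPlaintext() []byte {
	return []byte(strings.Repeat("ACCOUNT=00000001", 4) + "ACCOUNT=00000002")
}

// ecbEncrypt runs the block cipher over each block independently. Go's
// standard library deliberately ships no ECB mode, so it is written out here
// only to make the leakage visible. Input must be a whole number of blocks.
func ecbEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		panic("ecb: plaintext is not block-aligned")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// ctrEncrypt uses the standard CTR mode: each block is XORed with a distinct
// keystream block, so equal plaintext blocks no longer give equal ciphertext.
func ctrEncrypt(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// DuplicateBlocks counts blocks that repeat an earlier block of the same
// data. This is the simplest ECB check a reviewer can run on ciphertext
// without knowing the key: any repeats at all are a red flag.
func DuplicateBlocks(data []byte, bs int) int {
	seen := make(map[string]bool)
	dups := 0
	for i := 0; i+bs <= len(data); i += bs {
		k := string(data[i : i+bs])
		if seen[k] {
			dups++
		}
		seen[k] = true
	}
	return dups
}

// CompareModes returns the duplicate-block counts for the plaintext, its ECB
// ciphertext and its CTR ciphertext under the demo key.
func CompareModes(plaintext []byte) (ptDups, ecbDups, ctrDups int) {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	bs := block.BlockSize()
	return DuplicateBlocks(plaintext, bs),
		DuplicateBlocks(ecbEncrypt(block, plaintext), bs),
		DuplicateBlocks(ctrEncrypt(block, demoIV, plaintext), bs)
}

func main() {
	pt := DemoPlaintext()
	block, _ := aes.NewCipher(demoKey)
	fmt.Println("ECB:", hex.EncodeToString(ecbEncrypt(block, pt)))
	fmt.Println("CTR:", hex.EncodeToString(ctrEncrypt(block, demoIV, pt)))
	p, e, c := CompareModes(pt)
	fmt.Printf("duplicate blocks: plaintext=%d ecb=%d ctr=%d\n", p, e, c)
}
```

Running it prints three identical 32-hex-character blocks in the ECB line and none in the CTR line: ECB preserves the plaintext's block structure exactly, which is why the cipher choice cannot rescue it. CTR appears here only for contrast; it provides confidentiality but no integrity, so an authenticated mode such as AES-GCM (cipher.NewGCM in Go) with a fresh nonce per message is the production choice.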

No, SHA-2 has not had its margins eroded "significantly", and you should not feel nervous about using it whatsoever. It's fundamentally different from MD5 in structure, so you shouldn't extrapolate a few years' worth of minor weaknesses to forecast major weaknesses in the near future.

The website you've linked is citing legitimate cryptanalytic papers, but it loses credibility by interpreting systems with minor weaknesses as "not considered strong." Minor weaknesses are exhibited in all cryptosystems older than a few years. Can you find me a professional cryptographer who will say SHA-2 is not strong? Because I can't think of any. The authors of these cryptanalytic papers would probably choose it for new projects without being nervous.

It's an attractive idea that cryptographic algorithms will trend towards insecurity over time. But that's a very oversimplified look at how they work, and it's not a reliable prediction over a period <20 years. We are almost certainly several deep research breakthroughs away from a meaningful break in SHA-2.

But I'm just some guy on the internet. If you don't trust my opinion on this, here is the opinion of one of the BLAKE authors, a finalist in the SHA-3 competition: https://twitter.com/veorq/status/834872988445065218