SHA-512

SHA-512 produces a 512-bit digest using 64-bit word operations. On 64-bit CPUs without SHA-NI, it's often faster than SHA-256 because it processes the message in 128-byte blocks (versus SHA-256's 64-byte blocks) with native 64-bit arithmetic. Pick SHA-512 when you want a hash whose output is wide enough to use directly as a 256-bit symmetric key plus a 256-bit MAC tag, or when you're targeting hardware that's been benchmarked to be faster on the 512 variant. For most web-tier work, SHA-256 is the safer default because its smaller output makes log lines / database columns / OpenAPI specs less awkward.