I read that Facebook on the 1st Oct 2015 will move from SHA-1 to SHA-2 and we have to update our applications: https://developers.facebook.com/blog/post/2015/06/02/SHA-2-Updates-Needed/
Do you know which function of SHA-2 will it use?
I read there are several (224, 256, 384 or 512) and one of these (SHA-224) doesn't work with the Windows XP SP3 which I use (http://blogs.msdn.com/b/alejacma/archive/2009/01/23/sha-2-support-on-windows-xp.aspx)
You don't have to care that much because usage of the SHA-224 is quite limited.
In this question CBroe has pointed out an important remark:
That blog post is about SSL connections when your app is making API requests. This is not about anything you do with data within your app, it is about the transport layer.
According to the https://crypto.stackexchange.com/questions/15151/sha-224-purpose
Answer by Ilmari Karonen:
Honestly, in practice, there are very few if any reasons to use SHA-224.
As fgrieu notes, SHA-224 is simply SHA-256 with a different IV and with 32 of the output bits thrown away. For most purposes, if you want a hash with more than 128 but less than 256 bits, simply using SHA-256 and truncating the output yourself to the desired bit length is simpler and just as efficient as using SHA-224. As you observe, SHA-256 is also more likely to be available on different platforms than SHA-224, making it the better choice for portability.
Why would you ever want to use SHA-224, then?
The obvious use case is if you need to implement an existing protocol that specifies the use of SHA-224 hashes. While, for the reasons described above, it's not a very common choice, I'm sure such protocols do exist.
Also, a minor advantage of SHA-224 over truncated SHA-256 is that, due to the different IV, knowing the SHA-224 hash of a given message does not reveal anything useful about its SHA-256 hash, or vice versa. This is really more of an "idiot-proofing" feature; since the two hashes have different names, careless users might assume that their outputs have nothing in common, so NIST changed the IV to ensure that this is indeed the case.
However, this isn't really something you should generally rely on. If you really need to compute multiple unrelated hashes of the same input string, what you probably want instead is a keyed PRF like HMAC, which can be instantiated using any common hash function (such as SHA-256).
As you've mentioned, Windows XP with SP3 doesn't support SHA-224 but it supports SHA-256:
Especially: https://stackoverflow.com/a/817121/3964066
And: https://security.stackexchange.com/a/1755
Part of the Thomas Pornin's answer:
ECDSA over a 256-bit curve already achieves an "unbreakable" level of security (i.e. roughly the same level than AES with a 128-bit key, or SHA-256 against collisions). Note that there are elliptic curves on prime fields, and curves on binary fields; which kind is most efficient depends on the involved hardware (for curves of similar size, a PC will prefer the curves on a prime field, but dedicated hardware will be easier to build with binary fields; the CLMUL instructions on the newer Intel and AMD processors may change that).
SHA-512 uses 64-bit operations. This is fast on a PC, not so fast on a smartcard. SHA-256 is often a better deal on small hardware (including 32-bit architectures such as home routers or smartphones)
