Today I found another big bug caused by `fromIntegral`: https://github.com/haskell-crypto/cryptonite/issues/330 Incorrect hashes for all hash algorithms beyond 4 GiB of input. SHA hash collisions in my productions system. Restating what I said there: * Until we deprecate fromIntegral, Haskell code will always be subtly wrong and never be secure. * If we don't fix this, people will shy away from using Haskell for serious work (or learn it the hard way). Rust and C both do this better. * If the authors of key crypto libraries fall for these traps (no blame on them), who can get it right? We should remove the traps. The wrong code, hashInternalUpdate ctx d (fromIntegral $ B.length b) exists because it simply does not look like wrong code. In contrast, hashInternalUpdate ctx d (fromIntegralWrapping $ B.length b) does look like wrong code and would make anyone scrolling by suspicious. We can look away while continuing to claim that Haskell is a high-correctness language, or fix stuff like this and make it one.