Short-input hash functions don't really seem to be a thing.
Most hash functions are kind of intended to do long-input hashing (and thus also amortize the setup and compression and finalization over the course of processing an input).
Short-input hashing (say, about 256 bytes of input expected) seems to be a field that is barely explored at all: Haraka (v2) exists, but is intrinsically married to AES and hardware offloading of AES. Its raison d'être consists of hash-based post-quantum signatures. Simpira (and its v2) are also married to AES. SipHash is a PRF and not a hash function per se. And that basically seems to be the entire space.
@rq Hm~ I would expect that short-input hash functions are useful for key derivation (not from low entropy something, but when you have key K and want to generate various keys from K that are "unrelated" to anyone who doesn't know K; there's a more specific name for it and a contract-and-expand construction that does that that has an rfc that i can't recall the name of right now).
