
Re: Changes in AP draft




"William Allen Simpson" says:
> In response to Ran's list comment that MD5 is too slow, why not use MD4?
> Any speed tests there?  Is it enough faster?

It is considered insecure these days. At least two-thirds of the
rounds have been successfully cryptanalyzed. 

Although I hate to say it, ultimately the stranglepoint on all
encryption and authentication technology is going to end up being
algorithm speed. For most algorithms currently known, hardware is
going to be needed to produce sufficient speed.  This is unpleasant,
but it is something I've come to accept. Maybe new algorithms like
SEAL will rescue us from the morass -- I don't know.  For the moment,
I'm not worrying about trying to get algorithm speed up at the expense
of security because even fairly bad algorithms are quite slow -- no
point in sacrificing security if you won't get anything for it.

This is not to say that software-only systems should not be made as
fast as is possible or that things should not be designed to run as
fast as we can manage in software -- many, if not most, people aren't
going to be buying hardware, period, because of the cost. However,
people wanting to do serious security on their links are pretty much
going to need hardware, especially on today's fastest lines.  Gigabit
links are not going to be achieved without specialized hardware no
matter what we do about optimizing security transforms. Low latency
needs for some applications also require hardware to achieve.

Sigh.

Perry

