[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 performance limitations document

To: smb@research.att.com
Subject: Re: MD5 performance limitations document
From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>
Date: Wed, 11 Jan 95 19:16:17 JST
Cc: tytso@MIT.EDU, perry@imsi.com, ipsec@ans.net
In-Reply-To: <9501110438.AA09086@necom830.cc.titech.ac.jp>; from "smb@research.att.com" at Jan 10, 95 11:35 pm

> 	 It is certainly true that if you are using encryption and integrity
> 	 protection, the speed of your encryption algorithm may very well swamp
> 	 your MD5 calculations.  However, if you're only doing keyed MD5 for
> 	 integrity protection, you may very well run into the limits which this
> 	 paper points out.

Don't mind. The draft reports 100Mbps with DEC Alpha, which is CMOS,
which already exceed the THEORETICAL CMOS limit of 70Mbps.

> The ironic thing is that gigabit/second DES chips have actually been
> built -- meaning, if the analysis is correct, that encryption is faster
> than MD5...  

While pipelined DES can be as fast as you want, CBC-DES can't be.
CBC-DES needs feed back and can't be pipelined so efficiently.
16 way interleaving might be necessary.

> Someone should look for possible pipelines or space-time tradeoffs in
> MD5, much as has been done for DES.

If MD5 or DES has any short cuts for computation, it's not secure.

						Masataka Ohta

Follow-Ups:

Re: MD5 performance limitations document

From: Hilarie Orman <ho@cs.arizona.edu>

Prev by Date: Re: MD5 performance limitations document
Next by Date: Re: (bypass channel?)
Next by thread: Re: Size of IV field in DES-CBC mode
Index(es):
- Main
- Thread