Re: MD5 performance limitations document

["Perry E. Metzger" <perry@imsi.com>]

"Theodore Ts'o" says:
>    From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>
>    Date: Wed, 11 Jan 95 11:44:54 JST
> 
>    The draft is fataly wrong to not to distinguish the off-chip and
>    on-chip clock speed.
> 
>    Performance issues is in DES, not in MD5.
> 
> Well, the draft makes the assertion that if you're interested in speeds
> of 300-600 megabits per second, the maximum theoretical speed of MD5,
> even assuming that you used a specialized hardward chip implementation,
> wasn't going to cut it.  That appeared to be the main thrust of the
> draft.
> 
> It is certainly true that if you are using encryption and integrity
> protection, the speed of your encryption algorithm may very well swamp
> your MD5 calculations.

No, actually. He makes a very subtle point. I can arbitrarily speed
up, say, DES, with parallelism. A defect in the design of MD5 keeps me
from being able to do that. I know of DES chips that do over a gigabit
per second in hardware. The claim here is that MD5 will melt your
processor and still not give you that performance.

I'm not yet sure that there isn't a trick he might not have missed,
though, as I haven't examined the problem very hard. However, I would
STRONGLY suggest that people look at this.

Perry

---

References:

• Re: MD5 performance limitations document
• From: Theodore Ts'o <tytso@MIT.EDU>

---

• Prev by Date: Re: Perfect forward SECURITY (bypass channel?)
• Next by Date: Re: MD5 performance limitations document
• Next by thread: Re: Size of IV field in DES-CBC mode
• Index(es):
  • Main
  • Thread