
MD5 vs. SHA



All,

It is important to keep in mind that whatever algorithm is chosen
needs to be fast enough in real commercial systems with standard
commercial processors that it is actually practical to use with
many packets over fairly fast networks (e.g. FDDI, FastEthernet,
and ATM are all order(100Mbps)).  Software implementations are
what most systems will have, so we need to avoid solutions
that effectively require hardware implementations of the security-
related algorithms.

Now I'm not arguing for or against any particular algorithm, but
if we pick an algorithm that is impractical to deploy widely
we will (IMHO) have failed to do our jobs properly.  This is
fundamentally an engineering exercise in risk reduction NOT
a theoretical/research exercise in designing flawless security.
There is already concern that MD5 only performs at order(70Mbps)
on an Alpha when everything is neatly aligned (and so forth).
Should we not do the same kind of experimentation/testing on
SHA and whatever other algorithms the group is seriously discussing?

In any event, algorithm-independence is IMHO a design requirement
because the world will probably migrate to different or additional
algorithms with time.

I can live with imperfect security in IPvN as long as it is
widely deployed, practical to use, and significantly reduces
risk.

Mind you, this is all just my opinion...

Ran
atkinson@itd.nrl.navy.mil