[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MD5 versus SHA

To: ipsec@ans.net
Subject: MD5 versus SHA
From: "William Allen Simpson" <bill.simpson@um.cc.umich.edu>
Date: Mon, 30 Jan 95 18:07:25 GMT
Cc: touch@isi.edu
Reply-To: bsimpson@morningstar.com

> From: Ran Atkinson <rja@bodhi.nrl.navy.mil>
> IMNVHO, The long-run algorithm should NOT be our focus now.
> Our focus now should be on
> 	1) algorithm-indendent protocol specs
> and	2) a right-now algorithm that is good enough, but not
> 		necessarily perfect, and has tolerable performance.
>
I somewhat agree, but it _is_ valuable to prepare for the possible next
generation, vis a vis 3DES.


> The early performance data I'm hearing about for SHA makes me VERY
> doubtful that it is practical to deploy SHA universally or to get
> it used on very many packets.  We need an authentication-without-
> confidentiality mechanism that is practical to use on virtually every
> packet with acceptable performance.

Absolutely!  You do remember my comments about slow embedded 186's?


> SHA does not appear to be
> that algorithm at this time with currently available commercial systems
> (e.g. 90MHz 586s, SPARCs, Alphas, etc).
>
That's disappointing.  I had hoped that with the lessons learned, and
the fact that it was based on MD4, it could be _FASTER_ than MD5.

Unfortunately, the Touch report on MD5 doesn't include 68K machines,
so I can't compare MD5 and the report of SHA 4.4 MBps for 68030/25 --
which would be 32+ Mbps, much faster than the MD5 20 Mbps on the 486/33.

Anyway, I sent the SHA draft off to CNRI, and we can test MD5 against
SHA in the best way possible -- on the same machine with the same data
in the same Headers!

Could ISI put together a quick test of SHA in one of it's platforms?

Bill.Simpson@um.cc.umich.edu

Prev by Date: Re: AH-MD5
Next by Date: Re: risks of MACs associated with packets
Prev by thread: Keyed hash functions, Novell's patent
Next by thread: Re: Fwd: Use of Keyed MD5
Index(es):
- Main
- Thread