[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 versus SHA

To: touch@ISI.EDU, smb@research.att.com, atkinson@itd.nrl.navy.mil
Subject: Re: MD5 versus SHA
From: touch@ISI.EDU
Date: Tue, 28 Mar 1995 15:02:21 -0800
Cc: ipsec@ans.net
Posted-Date: Tue, 28 Mar 1995 15:02:21 -0800

> From rja@bodhi.cs.nrl.navy.mil Tue Mar 28 10:13:06 1995
> From: Ran Atkinson <rja@bodhi.cs.nrl.navy.mil>
...
>   Given that IPv4 and IPv6 are using the same security mechanisms,
> the speed of encryption/authentication is not different between
> IPv4 and IPv6.  The property that IPv6 not be slower than IPv4 is
> preserved if one compares secure to secure or insecure to insecure.
> IPv6 requires that security be implemented but does not require
> that a user must use security.

I agree completely. However, putting MD5 in as the default to 
an option, where we know a-priori that this will kill bandwidth,
seems like something we ought to avoid at all cost.

The problem is that security is going to be turned on somewhere.
The authentication algorithm is likely to define the upper-bound
on bandwidth if this is the case. I'd like to suggest that
this be a primary concern now, while the standards are being
determined, rather than later...

>   The problem with using another algorithm than MD5 is lack of
> community consensus that other algorithms are both faster and
> "strong enough".  The mechanism is algorithm-independent so if,
> in due time, the community consensus is to use your modified MD5
> or some other algorithm, then it is straight-forward to do so.
> Going to Proposed Standard now with MD5 does not preclude changing
> algorithms prior to going to Draft Standard, for example.

I'd like to suggest something a bit stronger.

While I agree that consensus on strength is important,
I would like to argue that consensus on speed is equally important.

If we don't have something that breaks 100 Mbps on a Sparc 10/51
in software (ballpark...), I propose that we do not specify
a default authentication algorithm at all at this time.

*********************************

If not specifying a default will be detrimental to the acceptance
and use of the option, I see this as a challenge to find an
algorithm that is fast; not an excuse to use one that is not.

*********************************

I'm still seeking one, if anyone has any ideas.


Joe

Follow-Ups:

Re: MD5 versus SHA

From: Theodore Ts'o <tytso@MIT.EDU>

Prev by Date: Re: MD5 versus SHA
Next by Date: Is there an agenda yet?
Prev by thread: Re: MD5 versus SHA
Next by thread: Re: MD5 versus SHA
Index(es):
- Main
- Thread