Re: MD5 vs. SHA-1, Selection Criteria

[touch@isi.edu]

> Date: Fri, 24 May 1996 16:26:53 -0400
> From: Craig Metz <cmetz@inner.net>
> 
> In message <31A5D755.796C@cylink.com>, you write:
> >If I gave you a free implementation of SHA
> >-1 that ran as fast or faster than MD5, 
> >would that change your mind?

It may be surprising. Given that, according to "Applied Crypto",
2nd Ed., p445, (including recent Addenda), 
	SHA is MD4 with 
		an expanded transform, 
		an extra round, and 
		better avalanche effect
	MD5 is MD4 with 
		improved bit-hashing,
		an extra round, and
		better avalanche effect

The fact that SHA appears to be half as fast as MD5
hints that SHA's transform costs more than MD5's bit-hash
improvements, but that they are algorithmically very similar,
and that in fact SHA is slightly more work (expanded transform 
vs. different bit-hash function) than MD5. 


> 	I'd be very interested in seeing this. All of the SHA code I've seen
> thus far is slower than MD5. (Most of it's pretty poorly written, too.)

Even the MD5 code, however you consider it written, is within about
20% of it's analytical maximum, this seems moot. The overall
performance isn't going to change by 1-2 orders of magnitude.

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/

---

Follow-Ups:

• Re: MD5 vs. SHA-1, Selection Criteria
• From: Hilarie Orman <ho@cs.arizona.edu>

---

• Prev by Date: Photuris implementations ?
• Next by Date: Yet another SHA/MD5 comment .... my last
• Prev by thread: Re: MD5 vs. SHA-1, Selection Criteria
• Next by thread: Re: MD5 vs. SHA-1, Selection Criteria
• Index(es):
  • Main
  • Thread