[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MD5 vs. SHA-1, Selection Criteria
> Date: Tue, 28 May 1996 13:43:32 -0700
> From: John Kennedy <jkennedy@cylink.com>
> Organization: Cylink Corporation
> To: uri@watson.ibm.com, touch@ISI.EDU
> Cc: ipsec@tis.com
> Subject: Re: MD5 vs. SHA-1, Selection Criteria
>
> Uri Blumenthal wrote:
> >
> > touch@isi.edu says:
> > > 2. On A Sun SPARC 20/71 in SunOS 4.1.3, I have measured:
> > >
> > > stand-alone MD5 60 Mbps +/- 3 Mbps
> > > stand-alone SHA 30 Mbps +/- 2 Mbps
> >
>
> Someone else reported to me via private email that the difference in
> speed is basically a 5:4 ratio, due to the 80 rounds per 512-bit input
> block in SHA-1 vs. 64 rounds for MD5. I wonder why the empirical
> evidence doesn't seem to match.
>
Because rounds are only one measure. Also count the number of
operations per round. SHA does more per round than MD5, i.e.,
MD5 SHA
32-bit adds 4 4
logical 2-3 2-4 (varies per step)
rotates 1 2
total CPU 7-8 8-10 (15-20% higher, per round)
mem reads 2 2
reg reads 4 5
reg writes 1 2 (others can be omitted via renaming)
# rounds 64 80 (25% higher number of rounds).
Overall CPU for SHA is 50% higher, and the register I/O is
between 25-100% higher. The result, especially when considering
the dataflow implications. I have not completed a detailed
dataflow comparison, but it's easy to see why SHA is slower than
MD5, even when neither is particularly optimized.
Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/