Re: MD5 vs. SHA-1, Performance & Pedigree
For those interested in the pedigree of SHA1, you should
know that Professor Rivest, the inventor of MD5, was also involved
with the review/creation of SHA1. There are academic papers
available that compare the two hash functions and make it clear that
they have very similar design principles. SHA1 uses five rounds of
an MD5-like round function to produce five 32-bit blocks, whereas
MD5 uses four rounds to produce four 32-bit blocks.

The new feature of SHA1 is an expansion step before the five
rounds. It is a simple linear feedback shift register expansion
that mixes all the bits of the input block. The difference
between SHA0 and SHA1 is a change in the LFSR to ensure that each
bit position in the expansion depends on each position of the
input.

For those who worry about weaknesses in MD5, please note
that IPSec uses the HMAC transform, not raw MD5. For those who
think 128 bits is too small, then SHA1's 160 is a nice step up.

For those who care about performance, here are the numbers
from the BSAFE 3.0 crypto toolkit on various platforms. The tests
are run on very large input blocks. The speeds are in megabytes
per second.

Digest Performance in Megabytes per Second

        Pentium P5   Power Mac   SPARC 4   DEC Alpha
        90 MHz       80 MHz      110 MHz   200 MHz
MD5     13.1         3.1         5.1       8.5
SHA1    2.5          1.2         2.0       3.3

The number for the Pentium is particularly high because
extensive work was done to optimize the algorithm for the
dual integer pipeline of the Pentium. The rest are compiled
from C code with speed optimization turned on.

--Bob Baldwin
RSA Data Security Inc.