[cap-talk] FW: x.509 -- MD5 considered harmful today
James A. Donald
jamesd at echeque.com
Wed Dec 31 23:42:58 EST 2008
zooko wrote:
> Secure hash functions are more expensive. SHA-256 is
> about 21 cycles per byte. The fastest open source
> compression (multi-algorithm, type- detecting) that I
> know of -- FreeARC -- is about 3.7 cycles per second
> (on a standard test set). zlib is about 16 cycles per
> byte.
>
> I'm hoping that SHA-3 will turn out to be
> substantially faster than SHA-256, but it might not
> be.
The trend is for communication bandwidth to rise faster
than cpu speed, so the cost of hashing is becoming a
greater and greater problem. Moore's law is losing to
Nielsen's law
We need a hash function that is both more secure, and
much faster.
Recollect how much trouble we get into because people
try to https only what matters, and http when it is safe
to do so, and usually get it wrong.
More information about the cap-talk
mailing list