Re: MD5 vs. SHA-1, Selection Criteria
touch@isi.edu Tue, 28 May 1996 18:42 UTC
Received: from relay.tis.com by neptune.TIS.COM id aa08538; 28 May 96 14:42 EDT
Received: by relay.tis.com; id OAA06502; Tue, 28 May 1996 14:44:15 -0400
From: touch@isi.edu
MMDF-Warning: Parse error in original version of preceding line at neptune.TIS.COM
Received: from sol.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1) id xma006482; Tue, 28 May 96 14:43:50 -0400
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA08686; Tue, 28 May 96 14:43:54 EDT
Received: by relay.tis.com; id OAA06475; Tue, 28 May 1996 14:43:45 -0400
Received: from zephyr.isi.edu(128.9.160.160) by relay.tis.com via smap (V3.1) id xma006458; Tue, 28 May 96 14:43:22 -0400
Received: from ash.isi.edu (ash-a.isi.edu) by zephyr.isi.edu (5.65c/5.61+local-23) id <AA14496>; Tue, 28 May 1996 11:45:43 -0700
Date: Tue, 28 May 1996 11:45:37 -0700
Posted-Date: Tue, 28 May 1996 11:45:37 -0700
Message-Id: <199605281845.AA07593@ash.isi.edu>
Received: by ash.isi.edu (5.65c/4.0.3-6) id <AA07593>; Tue, 28 May 1996 11:45:37 -0700
To: uri@watson.ibm.com, touch@isi.edu, jkennedy@cylink.com
MMDF-Warning: Unable to confirm address in preceding line at neptune.TIS.COM
Subject: Re: MD5 vs. SHA-1, Selection Criteria
Cc: ipsec@TIS.COM
X-Auto-Sig-Adder-By: faber@isi.edu
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
> Date: Tue, 28 May 1996 13:43:32 -0700 > From: John Kennedy <jkennedy@cylink.com> > Organization: Cylink Corporation > To: uri@watson.ibm.com, touch@ISI.EDU > Cc: ipsec@tis.com > Subject: Re: MD5 vs. SHA-1, Selection Criteria > > Uri Blumenthal wrote: > > > > touch@isi.edu says: > > > 2. On A Sun SPARC 20/71 in SunOS 4.1.3, I have measured: > > > > > > stand-alone MD5 60 Mbps +/- 3 Mbps > > > stand-alone SHA 30 Mbps +/- 2 Mbps > > > > Someone else reported to me via private email that the difference in > speed is basically a 5:4 ratio, due to the 80 rounds per 512-bit input > block in SHA-1 vs. 64 rounds for MD5. I wonder why the empirical > evidence doesn't seem to match. > Because rounds are only one measure. Also count the number of operations per round. SHA does more per round than MD5, i.e., MD5 SHA 32-bit adds 4 4 logical 2-3 2-4 (varies per step) rotates 1 2 total CPU 7-8 8-10 (15-20% higher, per round) mem reads 2 2 reg reads 4 5 reg writes 1 2 (others can be omitted via renaming) # rounds 64 80 (25% higher number of rounds). Overall CPU for SHA is 50% higher, and the register I/O is between 25-100% higher. The result, especially when considering the dataflow implications. I have not completed a detailed dataflow comparison, but it's easy to see why SHA is slower than MD5, even when neither is particularly optimized. Joe ---------------------------------------------------------------------- Joe Touch - touch@isi.edu http://www.isi.edu/~touch/ ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/ USC / Research Assistant Prof. http://www.isi.edu/lsam/
- WG Last Call: AH Transforms to Proposed Standard HUGO
- MD5 vs. SHA-1, Selection Criteria John Kennedy
- Re: MD5 vs. SHA-1, Selection Criteria touch
- Re: MD5 vs. SHA-1, Selection Criteria Craig Metz
- Re: MD5 vs. SHA-1, Selection Criteria Phil Karn Jr
- Re: MD5 vs. SHA-1, Selection Criteria Perry E. Metzger
- Re: MD5 vs. SHA-1, Selection Criteria John Kennedy
- Re: MD5 vs. SHA-1, Selection Criteria John Kennedy
- Re: MD5 vs. SHA-1, Selection Criteria Craig Metz
- Re: MD5 vs. SHA-1, Selection Criteria touch
- Re: MD5 vs. SHA-1, Selection Criteria Phil Karn Jr
- Re: MD5 vs. SHA-1, Selection Criteria Uri Blumenthal
- Re: MD5 vs. SHA-1, Selection Criteria John Kennedy
- Re: MD5 vs. SHA-1, Selection Criteria touch