Re: Remove little-used algorithms from IKEv2

Paul Koning <pkoning@equallogic.com> Fri, 15 March 2002 14:39 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2FEdQ428027; Fri, 15 Mar 2002 06:39:26 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id JAA13632 Fri, 15 Mar 2002 09:04:25 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15506.522.496821.516359@pkoning.dev.equallogic.com>
Date: Fri, 15 Mar 2002 09:15:38 -0500
From: Paul Koning <pkoning@equallogic.com>
To: danmcd@east.sun.com
Cc: ipsec@lists.tislabs.com
Subject: Re: Remove little-used algorithms from IKEv2
References: <2F3EC696EAEED311BB2D009027C3F4F405869A08@vhqpostal.verisign.com> <200203142153.g2ELrtDq022893@kebe.east.sun.com>
X-Mailer: VM 7.01 under 21.1 (patch 11) "Carlsbad Caverns" XEmacs Lucid
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

>>>>> "Dan" == Dan McDonald <danmcd@east.sun.com> writes:

 Dan> MD5 is a far better peformer than SHA-1 - especially if you work
 Dan> around MD5's poor assumptions that all-the-world's-an-Intel.

I found it to be about 15% faster than SHA-1, and that on a big endian
machine.  That number makes sense given the structure of the two
algorithms.  So, somewhat better, yes.  "Far better", no.

In hardware implementations, the two tend to be pretty close, and
usually faster than the encryption transform so it doesn't matter
which you chose as far as performance goes.

     paul