switching from SHA-1 to Tiger ?
Zooko O'Whielacronx
zooko at zooko.com
Tue Jul 11 12:12:04 EDT 2006
Hal:

Thanks for the news about the planned NIST-sponsored hash function
competition. I'm glad to hear that it is in the works.

Yesterday I profiled my on-line data backup application [1] and
discovered that for certain operations one third of the time is spent in
SHA-1. For that reason, I've been musing about the possibility of
switching away from SHA-1. Not to SHA-256 or SHA-512, but to Tiger.
The implementation of Tiger in Crypto++ on Opteron is more than twice as
fast as SHA-1 and almost four times as fast as SHA-256 [2].

I hope that the hash function designers will be aware that hash
functions are being used in more and more contexts outside of the
traditional digital signatures and MACs. These new contexts include
filesystems like ZFS [3], decentralized revision control systems like
Monotone [4], git [5], mercurial [6] and bazaar-ng [7], and peer-to-peer
file-sharing systems such as Direct Connect, Gnutella, and Bitzi [6].

The AES competition resulted in a block cipher that was faster as well
as safer than the previous standards. I hope that the next generation
of hash functions achieves something similar, because for my use cases
speed in a hash function is more important than speed in encryption.

By the way, the traditional practice of using a hash function as a
component of a MAC should, in my humble opinion, be retired in favor of
the Carter-Wegman alternative such as Poly-1305 AES [7].

Regards,

Zooko

[1] http://allmydata.com/
[2] http://www.eskimo.com/~weidai/amd64-benchmarks.html
[3] http://www.opensolaris.org/os/community/zfs/
    ZFS offers the option of performing a SHA-256 on every block of data
    on every access. The default setting is to use a non-cryptographic
    256-bit checksum instead.
[4] http://www.venge.net/monotone/
[5] http://git.or.cz/
[6] http://en.wikipedia.org/wiki/Tiger_(hash)
[7] http://cr.yp.to/mac.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com