[Cryptography] let's kill md5sum!

Zooko Wilcox-OHearn zooko at leastauthority.com
Tue Jun 9 11:46:46 EDT 2015


On Tue, Jun 9, 2015 at 8:13 AM, Ben Laurie <ben at links.org> wrote:
>
> OpenSSL command line, of course.

Thanks! Working on it:

https://mta.openssl.org/pipermail/openssl-dev/2015-June/001723.html


> But why BLAKE2? And who cares how fast it is?

For my answers to this, please see my slides from ACNS 2013:
https://blake2.net/acns/slides.html

The first slide hopefully answers your second question there.

Basically, cryptographers have adopted SHA-2 for their specific
purposes, but the world of big data has long since standardized on
MD5-or-SHA1 and shows no signs of budging. NIST itself, even while
sponsoring the SHA-3 contest, was also continuing to recommend MD5 as
a good tool for digital forensics (in NIST SP 800-86).

I've heard many stories from engineers of how MD5 is sometimes the
bottleneck in their operations. For example, a friend who works at
revision control company Perforce tells me that a single "verify the
integrity of this repo" operation once took more than a week, during
which time it continually maxed out the server. And Perforce uses the
standard secure hash function for big data: MD5! I don't think they
will ever be persuaded to upgrade to a slower function. But they
*might* be persuaded to upgrade to a faster.


Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com — Freedom matters.

