On 05/10/13 00:09, Dan Kaminsky wrote:
Because not being fast enough means you don't ship. You don't ship, you
didn't secure anything.
Performance will in fact trump security. This is the empirical reality.
There's some budget for performance loss. But we have lots and lots of
slow functions. Fast is the game.
That may once have been mostly true, but no longer - now it's mostly false.
In almost every case nowadays the speed at which a device computes a
SHA-3 hash doesn't matter at all. Devices are either way fast enough, or
they can't use SHA-3 at all, whether or not it is made 50% faster.
(Now, whether my theory that we stuck with MD5 over SHA1 because
variable field lengths are harder to parse in C -- that's an open
question to say the least.)
:)
-- Peter Fairbrother
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
