On 23-04-2012 14:40, David Adamson wrote: > On 4/22/12, Tanja Lange <[email protected]> wrote: >> In reply to the latest postings: >> >> Many submissions were faster than SHA-2 at the time of submission. Lots >> of people had fun speeding up SHA-2 -- so the competition has definitely >> led to a faster SHA-2. >> >> Also, check out >> http://bench.cr.yp.to/graph-sha3/long.png >> to see that on CPUs Blake is faster than SHA-2; for the bigger CPUs also >> skein is faster than SHA-2, so there are efficiency benefits of the new >> hash functions. Furthermore, whichever candidate is chosen as SHA-3 will >> have a bigger security margin than SHA-2. >> > SUPERCOP is one of my favorite web sites. Kudos to you and Dan for the > great job. > Indeed Blake and Skein are faster than SHA-2, but NOT SIGNIFICANTLY. > > MD5 is SIGNIFICANTLY faster than SHA-2, and terribly broken. Several > other candidates (including CubeHash) are significantly faster than > SHA-2 and they were "broken" with attacks requesting 2^170, 2^200, > 2^380, 2^480 hash evaluations.
On big hardware, the fastest SHA-3 candidates (BLAKE, Skein) are very much closer to MD5 in performance (~5.5 cpb) than SHA-2. Plus, I don't see any platform where CubeHash16/32 wins over either of them in speed. The place where SHA-2 shines is the very low end. Performance there, however, is usually measured in gates, not cpb. Regards, Samuel Neves _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
