I looked at SHA-256 again, and recalled that the compiler already does a good job with it, and there's not much I can do to optimize it further.
Well, one possibility is to implement four instances of SHA-256 in parallel using 128-bit SIMD instructions. But I don't know if any applications can take advantage of that.

--------------------------------------------------
From: "zooko" <[email protected]>
Sent: Monday, February 09, 2009 2:46 PM
To: "Wei Dai" <[email protected]>
Cc: "Crypto++" <[email protected]>
Subject: SHA-256 vs. Tiger-192 (was: Crypto++ 6.0?)

> On Feb 9, 2009, at 15:01 PM, Wei Dai wrote:
>
>> I don't understand exactly what Sean O'Neill's comparison methodology
>> is, but I'm sure that SHA-256 is more secure than Tiger. I think the
>> most important way to compare is to look at how many rounds have been
>> broken out of the total number of rounds. Tiger's 19 or 22 out of 24
>> rounds have been broken. For SHA-256 it's 24 out of 64 rounds. It seems
>> clear that SHA-256 offers a much bigger margin of security.
>
> I agree that this is an excellent metric of security. I'm also
> interested in Sean O'Neill's metric, but I understand that one less well.
> ;-)
>
> 24 rounds of SHA-256 would probably take about 8 cpb, where 20 out of 24
> rounds of Tiger would probably take about 6 cpb. Hm.
>
> Regards,
>
> Zooko
> ---
> Tahoe, the Least-Authority Filesystem -- http://allmydata.org
> store your data: $10/month -- http://allmydata.com/?tracking=zsig
