I confess that I don't think syslog-sign should optimize itself to run on a
40MHz 386. That is indeed a very small machine.
Also, while SHA-1 is in fact slower than MD5, MD5 is known to have flaws in
it as Chris Calabrese mentioned. The wide SHAs, however, would be even
slower than SHA-1. Arguing about the speed of the hash algorithm, however,
isn't terribly useful. As I remember it, hashing is four orders of
magnitude faster than the public key operation (handwave, handwave), and
thus isn't really worrying about.
Also, for Syslog-Sign's purposes, DSA has two advantages over RSA. The
first advantage is that the signatures are much smaller than RSA
signatures. The other is that DSA signs faster than RSA, but is slower for
verification. In an application where you are doing a lot of signing, but
relatively few verifications, DSA is the clear winner.
I suppose we could come up with some sort of scheme that didn't use public
key operations -- but then it wouldn't be syslog-sign. I think that
syslog-sign ought to actually sign.
Jon
