First of all, sorry for a late posting on this issue (i was on vacation and just caught it). Now: in his message of 02/22/02 6:46 AM, albert.mietus says:
>> Is MD5 really that much faster than SHA1? (MD5 has known problems >> and there are RFC's saying not to use it) > Yes, MD5 for hashing should be at least twice as fast. However hashing > isn't > the bottleneck Agreed. Hashing is the least problem, since any good hashing algorithm is way faster than a symmetric cipher. [snip] > But, his first suggestions, as alternatives to SHA1/DSA are: > 1) SHA1 with RSA RSA is a lot faster then DSA > 2) MD5 with RSA MD5 & RSA are faster: quite fast > 3) DES in CBC mode very fast > This (3) gives a MAC not a signature (see note 1) (3) should be discarded as it does not provide a valid signature, i.e., it does not have non-repudiation properties. A fast and compact scheme, providing also low resource consumption so to be used in lightweight devices (as light as a smartcard, btw), is achieved by using elliptic curves, e.g. EC-DSA (ANSI X9.62), see FIPS 186-2. A scheme implementing SHA-1 with EC-DSA will be the fastest option. > Alternative 3 should be the fastest one. Alternative 1 is faster then > SHA1/DSA, but hardly used because alt-2 is better (faster) at no cost. Except for the collision effects in MD5, besides the fact that MD5's hash length makes it non-recommendable for environments with many messages (as the case is). [snip] > Not quite. The problems with WEP are not due to the algorithm (witch is > MD5 > it think), but a "bug" in the design. WEP uses RC4, which has its own weaknesses besides the design flaw of the cryptosystem. [snip] Regards, Enrique
