[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: fs-rep-sharing branch

From: Philipp Marek <philipp.marek_at_emerion.com>
Date: Wed, 22 Oct 2008 16:00:46 +0200

On Wednesday, 22. October 2008, C. Michael Pilato wrote:
> My point was that we still needn't carry SHA1's all over the place if the
> only time we use SHA1 in FSFS is when calculating keys for the shared
> representation collection. That work happens *only* during commits, and
> will not affect the performance of any operations besides commit (which is
> probably the least common of all version control operations).
>
> I don't have a strong opinion about this matter -- just making sure that we
> all maintain a sense of perspective about the real effects of the proposed
> change.
If it's really a very local change, and doesn't matter for anything but
"commit", I'd like to propose that the keys are computed via SHA-512 or
something like that; the developer effort is nil (if that has to be changed
anyway), the CPU effort is not that bad [1], and it is a bit "better" if you
accept that any version that gets released _now_ might be in use for 10 years
or more

In other words: the life expectancy of SHA-512 is better than SHA1, which was
reported as "broken in 2005 - and so shouldn't be used for *anything* now.
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html)

Regards,

Phil

[1]: "openssl speed md5 sha1 sha256 sha512" gives (shortened) [2]:

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 23421.50k 79192.09k 209173.15k 361711.05k 451998.22k
sha1 24101.69k 71978.18k 163671.54k 241239.22k 282906.07k
sha256 19606.62k 45844.17k 83229.42k 103612.50k 112052.68k
sha512 13480.24k 54572.99k 97554.18k 147032.16k 170828.91k

If we accept that MD5 is bad, we have a difference (from SHA1 to SHA512) of
40% - according to Moore's Law that is amortized in 18 months, but will help
for a few years more (in collision resistance).

[2]
OpenSSL 0.9.8g 19 Oct 2007
built on: Sun Aug 3 18:01:44 UTC 2008
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial)
blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -
DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -
Wall -DMD32_REG_T=int -DMD5_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-10-22 16:01:22 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.