[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Performance: MD4 vs MD5

From: Sander Roobol <phy_at_wanadoo.nl>
Date: 2003-04-25 19:39:24 CEST

When it came to my attention that Subversion uses MD5 for it's checksums, I
suddenly remembered that MD5 was designed as a safer but slower version of MD4.
This is what RFC 1321 (MD5 Message-Digest Algorithm) says:

  "MD5 is slightly slower than MD4, but is more "conservative" in design. (...)
  because MD4 was designed to be exceptionally fast, it is "at the edge" in
  terms of risking successful cryptanalytic attack. MD5 backs off a bit, giving
  up a little in speed for a much greater likelihood of ultimate security."

As the RFC is not very clear about MD5's performance, I searched the web for
some benchmarks. This one is about a python module that needed MD4 and/or MD5,
on http://minkirri.apana.org.au/~abo/projects/pysync/swf/librsync.diary

  "Quick benchmark of md4 vs md5 using 256K sums of 1K blocks random data. I
  used native md4 and [md5] modules on a Cel-366. Results; md4 12.8secs, md5

I also found an archived thread comparing MD5 to SHA-1:
From http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00003.html
Someone did some benchmarks and included MD4 too:

  "Performance in Megabytes per Second on a 90 MHz Pentium
    20.9 14.2 6.1 10.3 8.0 5.0"

I ran some benchmarks too, on an AMD XP 1700+ and an Intel Pentium 4 1700MHz,
using openssl(1). The AMD box runs OpenSSL 0.9.7a on Debian Sid, the Pentium
runs OpenSSL 0.9.6b on Red Hat 7.2.
The table below shows the time in milliseconds needed to checksum a 100MB file
(cached in memory) filled with random garbage.
I also ran md5sum(1) on that file, and that gives some surprising results.
Apart from a clear speed difference between MD4 and MD5, there also appears to
be a quite significant difference between various MD5 implementations.

             MD4 MD5 md5sum(1)
  XP 1800+ 550 600 1100
  P4 1700 805 1040 4950

These three benchmarks together show that MD4 is approximately 10 to 25% faster
than MD5. I can't imagine that subversion needs cryptographic safety of it's
checksums, although I don't exactly know what the checksumming code does. So
my question is, why is subversion using MD5?


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Apr 25 19:40:13 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.