[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Performance: MD4 vs MD5

From: Branko Čibej <brane_at_xbc.nu>
Date: 2003-04-26 08:59:11 CEST

Michael Price wrote:

> Daniel Berlin wrote:
>
>> On Friday, April 25, 2003, at 04:19 PM, Michael wrote:
>>
>>>> Where did you read that collisions with MD4 are that frequent?
>>>> I'm aware of cryptographic attacks against the first few rounds
>>>> but do not recall reading _anything_ that states MD4's collision
>>>> rate is that high.
>>>
> >
>
>> "Dobbertin has shown how collisions for the full version of MD4 can
>> be found in under a minute on a typical PC. Clearly, MD4 should now
>> be considered broken."
>
>
> I agree. It is broken for cryptographic purposes. However, this
> discussion doesn't relate to cryptography in the slightest. We simply
> need a hash function and it our case a collision isn't really that bad.

Oh come now, of course a collision is bad in our case. Even if we're not
doing crypto stuff, we do want to have a certain level of confidence
that our data weren't stomped on somewhere along the line.

If using MD4 instead of MD5 would lower our confidence level from 99.9%
to 95% (or whetever the numbers are), then a 25% speed increase in the
checksumming algorithm isn't worth it. Especially as the relevant datum
is not absolute checksumming speed but percentage of time spent in
checksumming.

-- 
Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 26 09:00:01 2003

This is an archived mail posted to the Subversion Dev mailing list.