[147546] in cryptography@c2.net mail archive
Re: [Cryptography] Sha3
daemon@ATHENA.MIT.EDU (Peter Fairbrother)
Mon Oct 7 09:58:34 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 07 Oct 2013 02:13:22 +0100
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
To: Dan Kaminsky <dan@doxpara.com>
In-Reply-To: <CAEW7ACmo-XTxoPMLb6BiVAn5ZJSCXc72XpmQceUmk7Mu4KFNLg@mail.gmail.com>
Cc: John Kelsey <crypto.jmk@gmail.com>, Ray Dillinger <bear@sonic.net>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 05/10/13 00:09, Dan Kaminsky wrote:
> Because not being fast enough means you don't ship. You don't ship, you
> didn't secure anything.
>
> Performance will in fact trump security. This is the empirical reality.
> There's some budget for performance loss. But we have lots and lots of
> slow functions. Fast is the game.
That may once have been mostly true, but no longer - now it's mostly false.
In almost every case nowadays the speed at which a device computes a
SHA-3 hash doesn't matter at all. Devices are either way fast enough, or
they can't use SHA-3 at all, whether or not it is made 50% faster.
> (Now, whether my theory that we stuck with MD5 over SHA1 because
> variable field lengths are harder to parse in C -- that's an open
> question to say the least.)
:)
-- Peter Fairbrother
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
