Hi
Id like to know that is it possible to use skein instead of MD5 or SHA1 for file integrity checking? How?
Is that really better or faster than SHA1 and MD5?Explain please.
+1
A:
In response to your last question: Being an entrant in the SHA-3 contest, it's supposed to be much better than SHA-2, let alone SHA-1.
(Not even mentioning MD5: it's already broken, and you should not use it in any new code.)
Chris Jester-Young
2010-01-27 18:04:50
Note that if the OP just wants to protect file-integrity from random errors (and isn't concerned with malicious-users), MD5 will work just fine, as will any checksum (such as CRC-32, which is much faster than any of those)
BlueRaja - Danny Pflughoeft
2010-01-27 18:37:10
@BlueRaja: Right, you do have to use the right tool for the job: either you want anti-tampering (then use SHA-2 or better), or corruption detection (in which case CRC-32 is pretty much good enough). In neither of those cases is MD5 particularly useful. :-P
Chris Jester-Young
2010-01-27 18:42:09
A:
The submitters of Skein claim a maximum performance of 6.1 clock cycles per processed byte, assuming a 64-bit assembly implementation and using Skein-512. That's a bit below 400 MB/s on a 2.4 GHz core, which is quite good. Yet my own C code for MD5 achieves a bit more than 400 MB/s on the same machine: Skein is not faster than MD5. But not slower either.
Skein, however, is fast enough: you do not really need the hash function to be much faster than the harddisk, although faster code may free some CPU for other threads to run (but, then again, a 2.4 GHz PC often has several cores).
Personally, I would suggest using an established standard (SHA-256 or SHA-512, if you want to be conservative -- but for some tasks MD5 and even MD4 are good enough, and MD4 is really fast, and its compact code uses very little L1 cache). When "the" SHA-3 is officially selected, it will be time to use it and deploy it in production.
Thomas Pornin
2010-01-27 22:58:26
Thx for your response.Actually I d like to use a faster algorithm for Host IDS like OSSEC(That maybe perform File integrity checking for example every 10 min) to put lower loading on the host and take less resources.So I got two options:1) New algo 2)Improve SHA1 or MD5. Would u please explain which way is implementable and better?
Steward
2010-01-28 06:38:32
Don't ever think about changing the contents of a hash algorithm. This would just utterly destroy security. About optimizing implementations, there are already good (and free) implementations out there, and it would be difficult to do much better.On pure performance, you will have trouble getting much better than MD5, which is very fast and compact in RAM; MD4 is faster and more compact even, but in a context where heavy disk access is involved, I am somewhat skeptical that it would make any measurable difference. If OSSEC recommends MD5 then use it.
Thomas Pornin
2010-01-28 13:39:40
A:
Thx for your response.Actually I d like to use a faster algorithm for Host IDS like OSSEC(That maybe perform File integrity checking for example every 10 min) to put lower loading on the host and take less resources.So I got two options:1) New algo 2)Improve SHA1 or MD5. Would u please explain which way is implementable and better?
Steward
2010-01-28 06:37:25