Re: Speed of hashing doesn't matter?



Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> writes:

DJB (http://cubehash.cr.yp.to/submission.html) makes the interesting
remark:

My justification for recommending CubeHash8/1 is that, for most
applications of hash functions, speed simply doesn't
matter. High-volume network protection with HMAC is sometimes cited as
an exception, but anyone who really cares about speed shouldn't be
using HMAC anyway; other MACs are faster and inspire more confidence.

The point about HMAC is well taken, but what about digital signatures?
Aren't they the poster application for hash functions, and are there
any signature schemes that don't use hashing?

The question is whether or not speed in the hash of digital signatures is
important. Do you care if the hash of your letter takes 1usec of 1msec?
Not if it was 1usec vs 25 years, you probably would care, but I do not
think DJB is talking about that kind of disparity in speed.
It also sounds like he is doing special pleading rather really giving a
considered opinion.

.



Relevant Pages

  • Re: How should/could I combine CRCs?
    ... "hash functions" are an interesting family of algos to explore. ... I care a lot about computational efficiency. ... And being versed in the art of cryptography would even make ... I looked at MD4 and it does not look interesting for the applications ...
    (comp.compression)
  • Re: GOST key gen?
    ... proposed that there be a class of 128-bit hash functions whose single ... HMAC starts to fall apart if an adversary can find internal ... The original security proof depends on this property (the ... HMAC-MD5 work by finding internal collisions and near-collisions. ...
    (sci.crypt)
  • Re: New algorithm for short signatures
    ... >independent hash functions. ... You are breaking the "abstraction boundary" and using HMAC in a way it was ... I'm not saying that it is impossible to build a secure system the way ...
    (sci.crypt)
  • Speed of hashing doesnt matter?
    ... High-volume network protection with HMAC is sometimes cited as ... using HMAC anyway; other MACs are faster and inspire more confidence. ... The point about HMAC is well taken, but what about digital signatures? ... Aren't they the poster application for hash functions, ...
    (sci.crypt)
  • Re: Specific encryption
    ... >> HMAC is a method of keying hash functions. ... This HMAC is something like CRC? ... > I thought about that, but still, decrypted ciphertext would look quite ... half of the plaintext bits. ...
    (sci.crypt)