Re: Speed of hashing doesn't matter?



Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> writes:

DJB (http://cubehash.cr.yp.to/submission.html) makes the interesting
remark:

My justification for recommending CubeHash8/1 is that, for most
applications of hash functions, speed simply doesn't
matter. High-volume network protection with HMAC is sometimes cited as
an exception, but anyone who really cares about speed shouldn't be
using HMAC anyway; other MACs are faster and inspire more confidence.

The point about HMAC is well taken, but what about digital signatures?
Aren't they the poster application for hash functions, and are there
any signature schemes that don't use hashing?

The question is whether or not speed in the hash of digital signatures is
important. Do you care if the hash of your letter takes 1usec of 1msec?
Not if it was 1usec vs 25 years, you probably would care, but I do not
think DJB is talking about that kind of disparity in speed.
It also sounds like he is doing special pleading rather really giving a
considered opinion.

.