Re: Looking for a fast implementation of a hash algorithm



On Thu, 29 Sep 2011 17:56:25 +0800, Jonathan Wilson
<jfwfreo@xxxxxxxxxxx> wrote:

> I am in need of a fast C/C++ implementation of a hash algorithm.
>
> I have no idea which algorithm I should choose (MD5, SHA, others).
> The biggest risk we have is a chosen-plaintext attack (i.e. where someone
> could come up with specifically chosen data and then modify it to still be
> valid to the code that parses it but also match the hash).
>
> Previously we used an implementation of CRC32 because we were more
> concerned about corrupted data than malicious attacks but we now have found
> that malicious attacks are a concern so we need something a bit stronger.
>
> I need something that is licensed with a permissive license (BSD, public
> domain etc).
>
> Can anyone suggest which algorithm I should be using here and where to get
> a fast implementation under a nice license?


Try one of the SHA-2 variants. SHA-256 should do just fine. While
there are (at least theoretical) weaknesses in SHA-1, no solid ones
have surfaced yet for SHA-2 (although there are some concerns, they're
not likely to result in anything practical for quite some time, if
ever).

SHA-2 is widely studied, used in a huge number of applications, is
fairly fast, and is not under any sort of license. There are many
implementations out there, many of those free or open source. Rolling
your own is not hard either, although I'd recommend one of the many
good quality free implementations.

And it's certainly easy enough to try - if there are performance
issues, try something more complex then. FWIW, on modern CPUs,
reasonable implementations of SHA-256 are around a couple of dozen
clock cycles per input byte for moderate-sized inputs (say a couple
of hundred bytes), with shorter messages doing worse.


