On Sat, Dec 09, 2000 at 06:46:23PM -0500, Tom Lane wrote:
> I'm at a loss to see how a Pentium would arrive at a better result for
> MD5 than for CRC. For one thing, it's going to be at a disadvantage
> because it hasn't got enough registers. I'd be interested to see the
> assembly code...

Minutiae aside, it's clear that MD5 and CRC are "comparable",
regardless of CPU.

For a 32-bit hash, the proven characteristics of CRCs are critical in
some applications. With a good 64-bit hash, the probability of any
collision, whether from a burst error or otherwise, becomes much lower
than every other systematic source of error -- the details just don't
matter any more. If you miss the confidence that CRCs gave you about
burst errors, consider how easy it would be to construct a collision
if you could just try changing a couple of adjacent bytes -- an
exhaustive search would be easy.

MD4 would be a better choice than MD5, even though a theoretical attack
on MD4 has been described (albeit never executed). We don't even care
about real attacks, never mind theoretical ones. What matters is that
MD4 is entirely good enough, and faster to compute than MD5.

I find these results very encouraging. BSD-licensed MD4 code is readily
available, e.g. from any of the BSDs themselves.

Nathan Myers
ncm@zembu.com
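The burst-error argument in the message above, worked through exhaustively, as an added example that is not code from the thread or from PostgreSQL. To keep the search small enough to run in seconds it uses CRC-8 in place of CRC-32 (the guarantee is the same: a CRC of width w detects every burst of at most w bits, and exactly one pattern per position slips through at w+1 bits, namely the generator polynomial itself) and a truncated MD5 in place of the truncated MD4/MD5 under discussion (MD4 is not reliably available in hashlib on modern OpenSSL builds). The 16-byte MESSAGE, the CRC-8/SMBUS polynomial 0x07 and the function names are this example's own choices.

```python
"""Burst-error detection: a CRC's structural guarantee vs. a truncated hash.

Added example, not from the pgsql-hackers thread or from PostgreSQL. CRC-8
stands in for CRC-32 so that every burst up to the CRC width can be tried
exhaustively; truncated MD5 stands in for the truncated MD4/MD5 discussed.
"""
import hashlib
from typing import Callable, Iterator, Tuple

# Constructed sample record, 16 bytes (128 bits); any fixed bytes would do.
MESSAGE = bytes(range(0x10, 0x20))

CRC8_POLY = 0x07  # x^8 + x^2 + x + 1, the CRC-8/SMBUS generator (assumption)


def _make_crc8_table(poly: int) -> list:
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
        table.append(crc)
    return table


CRC8_TABLE = _make_crc8_table(CRC8_POLY)


def crc8(data: bytes) -> int:
    """CRC-8, MSB first, init 0, no reflection, no final XOR.

    Algebraically this is M(x) * x^8 mod g(x) over GF(2), which is what makes
    the burst guarantee provable: an error E(x) is missed iff g(x) divides E(x).
    """
    crc = 0
    for b in data:
        crc = CRC8_TABLE[crc ^ b]
    return crc


def md5_truncated(data: bytes, nbits: int) -> int:
    """The leading nbits of MD5(data) as an integer (1 <= nbits <= 128)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - nbits)


def burst_patterns(length: int) -> Iterator[int]:
    """Every error pattern of exactly `length` bits whose first and last bits
    are set, i.e. every burst of that length (interior bits are free)."""
    if length == 1:
        yield 1
        return
    ends = (1 << (length - 1)) | 1
    for interior in range(1 << (length - 2)):
        yield ends | (interior << 1)


def count_undetected_bursts(check: Callable[[bytes], int], data: bytes,
                            max_len: int, min_len: int = 1) -> Tuple[int, int]:
    """XOR every burst of min_len..max_len bits into `data` at every bit offset
    and count the corruptions `check` cannot tell from the clean data.
    Returns (undetected, tried)."""
    clean = check(data)
    nbits = len(data) * 8
    as_int = int.from_bytes(data, "big")  # bit i of the integer <-> x^i
    undetected = tried = 0
    for length in range(min_len, max_len + 1):
        for pattern in burst_patterns(length):
            for offset in range(nbits - length + 1):
                corrupted = (as_int ^ (pattern << offset)).to_bytes(len(data), "big")
                tried += 1
                if check(corrupted) == clean:
                    undetected += 1
    return undetected, tried


def compare(data: bytes = MESSAGE) -> dict:
    """Run the four searches and return their (undetected, tried) counts."""
    return {
        # Bursts no wider than the CRC: provably none can be missed.
        "crc8_bursts_le_8": count_undetected_bursts(crc8, data, 8),
        # One bit wider than the CRC: exactly one pattern per offset (the
        # generator polynomial itself, 0x107) is missed.
        "crc8_bursts_eq_9": count_undetected_bursts(crc8, data, 9, 9),
        # An 8-bit truncated hash has no structure to lean on, so short bursts
        # collide at the generic rate of roughly 1 in 2^8.
        "md5_8bit_bursts_le_8": count_undetected_bursts(
            lambda d: md5_truncated(d, 8), data, 8),
        # At 64 bits the same ~1.6e4 tries never collide (about 2^-50 odds).
        "md5_64bit_bursts_le_8": count_undetected_bursts(
            lambda d: md5_truncated(d, 64), data, 8),
    }


if __name__ == "__main__":
    for name, (missed, tried) in compare().items():
        print(f"{name:24s} undetected {missed:4d} of {tried}")
```

The two CRC rows are the "proven characteristics" the message refers to: the first is a theorem, not an observation, and the second shows the guarantee ending abruptly one bit past the width. The two hash rows show the other side of the argument: a truncated hash gives no guarantee at all for a given burst, only a per-corruption miss rate of about 2^-n, which at n = 8 is visible in a small search and at n = 64 is already below anything the search can reach.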