On Fri, 20.10.2017 at 17:42 +0200, Paweł Hajdan, Jr. wrote:
> On 19/10/2017 21:08, Michał Górny wrote:
> > Considering all arguments made so far, I'd like to propose changing:
> >
> >   manifest-hashes = SHA256 SHA512 WHIRLPOOL
> >
> > to:
> >
> >   manifest-hashes = SHA512 SHA3_512
>
> +1, fine for me
>
> > 1. The main argument for using multiple hashes is to prevent the (very
> > unlikely) possibility that if a weakness is discovered in one of
> > the hashes, the other would still hold. This is given by using two
> > algorithms; more than two do not increase security significantly, while
> > they do increase performance cost.
>
> Curious, do we have any measurements/estimates of the performance cost?
>

Not specific, but I think it's pretty simple, assuming we don't get any
multithread-friendly algorithms.

With single-threaded serial processing of all hashes, it's just the sum of
the times involved in every hash, i.e. Th = T1 + T2 + T3 + ... You'd have to
get some numbers to get something smarter out of it.

If we assume we can do N threads, then the cost of N algorithms is equal to
the slowest of them all. Which implies that having N algorithms is fastest
on systems capable of at least N threads.

Taking a random comparison [1], it seems that SHA3/512 is 3-5 times slower
than SHA2/512. If we take that as conclusive, the relative times would be:

a. single hash:

   SHA512 - 1
   SHA3_512 - 3-5

b. both hashes:

   serial - 4-6
   parallel - 3-5

[1]:http://wireilla.com/papers/ijcis/V3N3/3313ijcis01.pdf

-- 
Best regards,
Michał Górny
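
The cost model in the message above (serial cost is the sum of the per-hash times, parallel cost is the slowest hash) can be checked on a local machine with the sketch below. It is an added example, not part of the original message or of any Gentoo tooling; the function names and the 64 MiB zero-filled input are assumptions made for illustration.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor

# The proposed manifest-hashes set (SHA512 SHA3_512), written as hashlib names.
ALGOS = ("sha512", "sha3_512")

def timed_digest(algo, data):
    """Return (hexdigest, seconds) for one hash computed over data."""
    start = time.perf_counter()
    hexdigest = hashlib.new(algo, data).hexdigest()
    return hexdigest, time.perf_counter() - start

def compare(data, algos=ALGOS):
    """Hash data serially and with one thread per hash; report both costs."""
    # Serial: a single thread computes every hash in turn (Th = T1 + T2 + ...).
    start = time.perf_counter()
    serial = {a: timed_digest(a, data) for a in algos}
    measured_serial = time.perf_counter() - start

    # Parallel: one thread per hash. hashlib releases the GIL while hashing
    # large buffers, so the threads can overlap on a multi-core machine.
    start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=len(algos)) as pool:
        results = pool.map(lambda a: timed_digest(a, data), algos)
        parallel = dict(zip(algos, results))
    measured_parallel = time.perf_counter() - start

    per_hash = {a: serial[a][1] for a in algos}
    return {
        "digests_serial": {a: serial[a][0] for a in algos},
        "digests_parallel": {a: parallel[a][0] for a in algos},
        "per_hash": per_hash,
        "model_serial": sum(per_hash.values()),    # sum of all hash times
        "model_parallel": max(per_hash.values()),  # slowest hash dominates
        "measured_serial": measured_serial,
        "measured_parallel": measured_parallel,
    }

if __name__ == "__main__":
    payload = bytes(64 * 1024 * 1024)  # constructed input: 64 MiB of zeros
    r = compare(payload)
    base = r["per_hash"]["sha512"]
    for algo, secs in r["per_hash"].items():
        print(f"{algo:9s} {secs:.3f}s ({secs / base:.1f}x sha512)")
    print(f"serial   model {r['model_serial']:.3f}s, "
          f"measured {r['measured_serial']:.3f}s")
    print(f"parallel model {r['model_parallel']:.3f}s, "
          f"measured {r['measured_parallel']:.3f}s")
```

The measured ratio between the two hashes depends on the CPU and on which backend hashlib uses for each algorithm, so it may differ from the 3-5 range taken from [1].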