SHA-1 correctness and speed
Bernd Eckenfels
bernd-2013 at eckenfels.net
Fri Nov 15 23:40:39 UTC 2013
Hello,
you might have seen it, on the pgp-devel mailing list there was a thread
about a counter overflow in some message digest implementations of
libcrypt (affecting GnuPG MIC+Sign). With hashed data > 256GB there are
wrong hashes calculated.
http://lists.gnupg.org/pipermail/gnupg-devel/2013-November/028041.html
This motivated me to test Java implementation for the mentioned 257GB test
vectors. SunJCE and BC are not affected. I want to share with you the code
and results anyway.
https://github.com/ecki/JavaCryptoTest/blob/master/src/main/java/net/eckenfels/test/jce/HashOverflowTest.java
NB: BC implementation is slower than JCE implementation:
This is testing mit 257*1024 times a 1MB nul buffer:
== HashOverflowTest on Java HotSpot(TM) 64-Bit Server VM
1.7.0_09-b05/23.5-b02 (Oracle Corporation)
@ Windows 7 6.1 amd64 Service Pack 1 ==
Testing algorithm SUN: MessageDigest.SHA -> sun.security.provider.SHA
aliases: [SHA-1, SHA1] attributes: {ImplementedIn=Software}
Digest:SHA-1 Message Digest from SUN 275951648768bytes x nul
hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 1310,562s
Testing algorithm BC: MessageDigest.SHA-1 ->
org.bouncycastle.jce.provider.JDKMessageDigest$SHA1
aliases: [SHA1, SHA, 1.3.14.3.2.26]
Digest:SHA-1 Message Digest from BC 275951648768bytes x nul
hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 1529,284s
That is Sun 200MiB/s vs BC 172 Mib/s vs. openssl* 308MiB/s (i7-2600
@3,40GHz )
On a slower system:
Testing algorithm SUN: MessageDigest.SHA -> sun.security.provider.SHA
aliases: [SHA-1, SHA1] attributes: {ImplementedIn=Software}
Digest:SHA-1 Message Digest from SUN 275951648768bytes x nul
hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 7499,101s
Testing algorithm BC: MessageDigest.SHA-1 ->
org.bouncycastle.jce.provider.JDKMessageDigest$SHA1
aliases: [SHA1, SHA, 1.3.14.3.2.26]
Digest:SHA-1 Message Digest from BC 275951648768bytes x nul
hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 9275,935s
That is 35MiB/s vs. 28MiB/s vs. openssl 57MiB/s
Bernd
* cygwin dd if=/dev/zero bs=1M count=$[257*1024] | openssl SHA1
More information about the security-dev
mailing list