SHA-1 correctness and speed

Sean Mullan sean.mullan at oracle.com
Wed Nov 20 21:43:50 UTC 2013 

Hi Bernd,

Thanks for sharing the analysis and results. And good to know it isn't 
an issue in SunJCE.

--Sean

On 11/15/2013 06:40 PM, Bernd Eckenfels wrote:
> Hello,
>
> you might have seen it, on the pgp-devel mailing list there was a thread
> about a counter overflow in some message digest implementations of
> libcrypt (affecting GnuPG MIC+Sign). With hashed data > 256GB there are
> wrong hashes calculated.
>
> http://lists.gnupg.org/pipermail/gnupg-devel/2013-November/028041.html
>
> This motivated me to test Java implementation for the mentioned 257GB
> test vectors. SunJCE and BC are not affected. I want to share with you
> the code and results anyway.
>
> https://github.com/ecki/JavaCryptoTest/blob/master/src/main/java/net/eckenfels/test/jce/HashOverflowTest.java
>
>
> NB: BC implementation is slower than JCE implementation:
>
> This is testing mit 257*1024 times a 1MB nul buffer:
>
> == HashOverflowTest on Java HotSpot(TM) 64-Bit Server VM
> 1.7.0_09-b05/23.5-b02 (Oracle Corporation)
>       @ Windows 7 6.1 amd64 Service Pack 1 ==
> Testing algorithm SUN: MessageDigest.SHA -> sun.security.provider.SHA
>    aliases: [SHA-1, SHA1] attributes: {ImplementedIn=Software}
>   Digest:SHA-1 Message Digest from SUN 275951648768bytes x nul
> hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 1310,562s
>
> Testing algorithm BC: MessageDigest.SHA-1 ->
> org.bouncycastle.jce.provider.JDKMessageDigest$SHA1
>    aliases: [SHA1, SHA, 1.3.14.3.2.26]
>   Digest:SHA-1 Message Digest from BC 275951648768bytes x nul
> hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 1529,284s
>
> That is Sun 200MiB/s vs BC 172 Mib/s vs. openssl* 308MiB/s (i7-2600
> @3,40GHz )
>
> On a slower system:
>
> Testing algorithm SUN: MessageDigest.SHA -> sun.security.provider.SHA
>    aliases: [SHA-1, SHA1] attributes: {ImplementedIn=Software}
>   Digest:SHA-1 Message Digest from SUN 275951648768bytes x nul
> hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 7499,101s
>
> Testing algorithm BC: MessageDigest.SHA-1 ->
> org.bouncycastle.jce.provider.JDKMessageDigest$SHA1
>    aliases: [SHA1, SHA, 1.3.14.3.2.26]
>   Digest:SHA-1 Message Digest from BC 275951648768bytes x nul
> hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 9275,935s
>
> That is 35MiB/s vs. 28MiB/s vs. openssl 57MiB/s
>
> Bernd
>
> * cygwin dd if=/dev/zero bs=1M count=$[257*1024] | openssl SHA1

More information about the security-dev mailing list