
nanog mailing list archives
Re: MD5 is slow
From: Dan Collins via NANOG <nanog () lists nanog org>
Date: Fri, 5 Sep 2025 12:41:48 -0400
On Fri, Sep 5, 2025, 03:22 Vasilenko Eduard via NANOG <nanog () lists nanog org> wrote:
> Any hash MUST be slow (by design) to withstand brute force. In the network device case, it is about 5ms for SHA-2 (of course, dependent on the control plane processor).
It is not necessary for a cryptographic hash function to be slow (on the order of milliseconds), nor is it true that SHA2 is designed to be slow, or that it is that slow on short inputs. Even relatively weak processors can compute millions of hashes per second with SHA2 hash functions. If you could find a way to compute hashes a million times faster, and used that in a brute-force preimage attack, you'd be shaving off the equivalent of 20 bits of difficulty - not near enough to make a brute force attack on a 256-bit hash tractable.

The case where you do care about speed is when you're dealing with password hashing, for example. The threat is a dictionary attack, since testing even the most common 10,000 passwords against a database of user accounts is very likely to compromise a good percentage of them. Using pbkdf2, or bcrypt, or argon2, allows you to slow that down. But that's only because we know that a lot of people use simple or common passwords. You're likely to get some hits even in the first few thousand attempts.

For signing or message integrity checking, that isn't the case. If you're trying to find a second public key (or any other message) corresponding to a specific predetermined hash value, by brute force, the probability of each attempt succeeding is 2^-n. Even if you could try a million hashes per microsecond on every CPU that exists on the planet Earth, we're talking about something like 10^40 years to succeed at a sha-256 preimage attack. 128 bit hashes would be faster but still not remotely possible.
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/D3UQJIORDJL4DUL225SHVPYYMDUYEDQ4/
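
Added example, not part of the original message: a Python sketch that puts numbers on the two cases the reply separates, the cost of a preimage search against a fixed digest and the per-guess cost of a dictionary run against single-pass SHA-256 versus PBKDF2. The CPU count (1e10), the PBKDF2 iteration count (600,000) and the 1,000-account database size are assumptions made for illustration, and all function names are hypothetical.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PBKDF2_ITERATIONS = 600_000   # assumed work factor, tune for your hardware

def bits_shaved(speedup):
    """A k-fold faster hash removes only log2(k) bits of brute-force work."""
    return math.log2(speedup)

def preimage_years(hash_bits, hashes_per_sec):
    """Expected years to hit one fixed n-bit digest: 2^(n-1) tries on average."""
    return 2 ** (hash_bits - 1) / hashes_per_sec / SECONDS_PER_YEAR

def fast_guess(password, salt):
    """One guess against a salted single-pass SHA-256 password hash."""
    return hashlib.sha256(salt + password).digest()

def slow_guess(password, salt, iterations=PBKDF2_ITERATIONS):
    """One guess against a PBKDF2-HMAC-SHA256 password hash."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def per_guess_seconds(guess, trials):
    """Average wall-clock cost of one guess on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        guess(b"candidate-%d" % i, salt)
    return (time.perf_counter() - start) / trials

def dictionary_seconds(per_guess, words, accounts):
    """Time to try every word against every individually salted account."""
    return per_guess * words * accounts

if __name__ == "__main__":
    print(f"1e6x speedup shaves {bits_shaved(1e6):.1f} bits")
    rate = 1e12 * 1e10   # 1e6 hashes/us per CPU, times an assumed 1e10 CPUs
    for bits in (128, 256):
        print(f"{bits}-bit preimage: ~{preimage_years(bits, rate):.1e} years")
    for name, guess, trials in (("sha256", fast_guess, 100_000),
                                ("pbkdf2", slow_guess, 3)):
        cost = per_guess_seconds(guess, trials)
        total = dictionary_seconds(cost, 10_000, 1_000)   # constructed sizes
        print(f"{name}: {cost:.2e} s/guess, 10,000 words x 1,000 accounts = {total:.1f} s")
```

The preimage figures depend only on digest length and the assumed aggregate rate; the per-guess timings are measured on whatever machine runs the script and will differ between hosts.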