Report on MD5 Performance (RFC1810)

IP.com Disclosure Number: IPCOM000004067D
Original Publication Date: 1995-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 6 page(s) / 16K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Touch: AUTHOR

Abstract

MD5 is an authentication algorithm, which has been proposed as the default authentication option in IPv6. When enabled, the MD5 algorithm operates over the entire data packet, including header. This RFC addresses how fast MD5 can be implemented in software and hardware, and whether it supports currently available IP bandwidth. MD5 can be implemented in existing hardware technology at 256 Mbps, and in software at 87 Mbps. These rates cannot support current IP rates, e.g., 100 Mbps TCP and 130 Mbps UDP over ATM. If MD5 cannot support existing network bandwidth using existing technology, it will not scale as network speeds increase in the future. This RFC is intended to alert the IP community about the performance limitations of MD5, and to suggest that alternatives be considered for use in high speed IP implementations.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 17% of the total text.

Network Working Group                                          J. Touch
Request for Comments: 1810                                          ISI
Category: Informational                                       June 1995

Report on MD5 Performance

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Introduction

MD5 is an authentication algorithm, which has been proposed as one authentication option in IPv6 [1]. RFC 1321 describes the MD5 algorithm and gives a reference implementation [3]. When enabled, the MD5 algorithm operates over the entire data packet, including header (with dummy values for volatile fields). This RFC addresses how fast MD5 can be implemented in software and hardware, and whether it supports currently available IP bandwidth.

This RFC considers the general issue of checksumming and security at high speed in IPv6. IPv6 has no header checksum (which IPv4 has [5]), but proposes an authentication digest over the entire body of the packet (including header where volatile fields are zeroed) [1]. This RFC specifically addresses the performance of that authentication mechanism.

Measurements

The performance of MD5 was measured. The code was an optimized version of the MD5 reference implementation from the RFC [3], and is available for anonymous FTP [7]. The following are the results of the performance test "md5 -t", modified to prohibit on-chip caching of the data block:

87 Mbps DEC Alpha (190 MHz)
33 Mbps HP 9000/720
48 Mbps IBM RS/6000 7006 (PPC 601 @80 MHz)
31 Mbps Intel i486/66 NetBSD
44 Mb...
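
A measurement in the spirit of the "md5 -t" test described above, as an added example that is not code from the RFC or its author: it digests one packet at a time from a buffer and compares the resulting rate with the link rates quoted in the abstract. The function names, the 1024-byte packet size, the 32 MiB working set (assumed to be larger than the CPU caches) and the use of Python's hashlib are assumptions of this example; the `algorithm` parameter goes beyond MD5 so that an alternative digest can be timed the same way.

```python
import hashlib
import os
import time

# Link rates quoted in the RFC abstract, in Mbps (1 Mbps = 10**6 bits/s).
LINK_RATES_MBPS = {"TCP over ATM": 100, "UDP over ATM": 130}


def digest_throughput_mbps(total_bytes=64 << 20, packet_bytes=1024,
                           working_set_bytes=32 << 20, algorithm="md5"):
    """Digest total_bytes of data one packet at a time; return the rate in Mbps.

    Packets are read from a buffer assumed to be larger than the CPU caches,
    so consecutive packets come from memory rather than from a cached block.
    """
    if packet_bytes <= 0 or working_set_bytes < packet_bytes:
        raise ValueError("working set must hold at least one packet")
    buf = memoryview(os.urandom(working_set_bytes))  # constructed sample data
    slots = working_set_bytes // packet_bytes
    packets = max(1, total_bytes // packet_bytes)
    start = time.perf_counter()
    for i in range(packets):
        offset = (i % slots) * packet_bytes
        # One digest per packet, as a per-packet authenticator would need.
        hashlib.new(algorithm, buf[offset:offset + packet_bytes]).digest()
    elapsed = time.perf_counter() - start
    return packets * packet_bytes * 8 / elapsed / 1e6


def links_not_sustained(measured_mbps, link_rates=LINK_RATES_MBPS):
    """Return the names of links whose rate exceeds the measured digest rate."""
    return sorted(name for name, rate in link_rates.items() if rate > measured_mbps)


if __name__ == "__main__":
    rate = digest_throughput_mbps()
    print(f"MD5: {rate:.0f} Mbps; cannot keep up with: {links_not_sustained(rate)}")
```

The figure includes interpreter overhead per packet, so it is a lower bound for the machine rather than a rate comparable to the optimized C results listed above.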