In <MHEGIFHMACFNNIMMBACAEEPFHGAA(_dot_)sethg(_at_)GoodmanAssociates(_dot_)com>
"Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com> writes:
Why do I even suggest this? According to the paper that George cited,
CRC32b had a slightly better evenness of distribution than SHA1 (8 compared
to just under 7, so let's just call them equivalent) while it took about
half the time to compute. [....]
This is significant. [ ... ]
I disagree that this factor of two is significant. Shevek points out
that "I can perform 100,000 HMAC SHA1 encryptions in Perl on my
desktop PC in 1.4 seconds. In C, the performance will double or
treble." Until MTAs can accept 100,000 messages in around 1.4
seconds, using SHA1 isn't a problem.
Shevek's data is good enough proof for me that speed isn't an issue.
-wayne