On Feb 11, 2004, at 2:18 PM, Seth Goodman wrote:
[wayne]
... Until MTAs can accept 100,000 messages in around 1.4
seconds, using SHA1 isn't a problem.
Shevek's data is good enough proof for me that speed isn't an issue.
Since the MTA has to do other things than simply calculate a hash function,
I respectfully disagree. SPF is supposed to be lightweight. Every task you
add decreases system capacity. Ask the MTA vendors if they have CPU cycles
to burn.
<mta vendor responds>
Certainly enough to calculate an md5 or sha1 checksum on a sub-64-byte
message. In fact, running with anti-virus support on we md5 fingerprint
12k messages and still stay above a million messages per hour.
CRC is not a secure hashing method, and randomizing of the key is not a
very tractable way to do it either. I'm torn between md5 and sha1 (I
personally think that md5 is sufficiently strong for this purpose), but
CRC is not a viable option.
George
// George Schlossnagle
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on earth
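
The following is an added example, not part of the original message or of any code from the thread. It illustrates the remark that CRC is not a secure hash even when a secret key is mixed in: CRC-32 is linear over XOR, so tags of related messages are related in a way that HMAC-SHA1 tags are not. The "keyed CRC" construction (CRC-32 over key || message), the key, and the three sample messages are assumptions made for the illustration; the thread does not specify them.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed sample secret, not from the thread

# Constructed sample inputs: three equal-length messages, each under 64 bytes.
A, B, C = b"alice@example.org", b"bobby@example.org", b"carol@example.org"


def crc_tag(key: bytes, msg: bytes) -> bytes:
    """Assumed 'keyed CRC' construction: CRC-32 over key || msg."""
    return zlib.crc32(key + msg).to_bytes(4, "big")


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 over msg, the standard keyed use of SHA-1."""
    return hmac.new(key, msg, hashlib.sha1).digest()


def xor_bytes(*parts: bytes) -> bytes:
    """Bytewise XOR of equal-length byte strings."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("inputs must have equal length")
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def tag_is_linear(tag_fn, key: bytes, a: bytes, b: bytes, c: bytes) -> bool:
    """True if tag(a^b^c) equals tag(a)^tag(b)^tag(c).

    The right-hand side is built from three observed tags only, so a True
    result means a valid tag for a fourth message follows without the key.
    """
    combined = xor_bytes(tag_fn(key, a), tag_fn(key, b), tag_fn(key, c))
    return combined == tag_fn(key, xor_bytes(a, b, c))


if __name__ == "__main__":
    print("keyed CRC-32 linear:", tag_is_linear(crc_tag, KEY, A, B, C))
    print("HMAC-SHA1 linear:   ", tag_is_linear(hmac_tag, KEY, A, B, C))
```

The relation holds for the CRC tag whatever key is chosen, because the key bytes cancel in the XOR of three equal-length inputs; changing or randomizing the key does not remove it.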