TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   Tips & Tricks (http://www.talkphp.com/tips-tricks/)
-   -   Encryption Methods (http://www.talkphp.com/tips-tricks/1534-encryption-methods.html)

WinSrev 11-28-2007 02:22 AM
Encryption Methods
 
I wanted to see the speed of the methods, the final results of each are from encrypting 1 sentance 300,000 times in a loop.

Round 1
MD5 generated in 0.350 seconds.
Base64 generated in 0.007 seconds.
CRC32 generated in 0.006 seconds.
SHA1 generated in 0.012 seconds.

Round 2
MD5 generated in 0.360 seconds.
Base64 generated in 0.008 seconds.
CRC32 generated in 0.006 seconds.
SHA1 generated in 0.012 seconds.

Round 3
MD5 generated in 0.362 seconds.
Base64 generated in 0.007 seconds.
CRC32 generated in 0.007 seconds.
SHA1 generated in 0.012 seconds.

Feel free to discuss :)

Salathe 11-28-2007 02:48 AM
I'm not too sure if base64 encoding has a place in a comparison like this -- being the only method here which is two-way. Interestingly, my own tests on my local machine suggest that SHA1 is slowest, closely followed by MD5, then in about one third of the time comes in base64_encode again closely followed by the winner (for me) CRC32. Clearly, a different pattern than is shown above!

I'd like to investigate further with more thorough benchmarking, just out of curiosity more than usefulness. :)

Wildhoney 11-28-2007 02:59 AM
Why is MD5 so slow in comparison to SHA1? Being a shorter hash I'd have expected it to have been somewhat faster. Armed with the fact that both SHA1 and MD5 are irreversible, does it not seem logical to suggest that MD5 is technically worse than SHA1?

sketchMedia 11-28-2007 03:15 AM
I just did a quick test:

First Test (for loop)
I used the string 'talkphp' and looped each method 300000 times in a for loop.
rounded to 3dp

SHA-1 : 0.349 //average
MD5: 0.307 //average


Second Test (while loop)
I used the same string and loop number, but i used a while loop as it seems to be quicker than for.

SHA-1: 0.343 //average
MD5: 0.301 //average

MD5 is slightly quicker on my machine anyway, ill do some indepth benchmarking in a mo.
Ill test others too, apart from base64 coz its 2way.

WinSrev 11-28-2007 03:31 AM
Is everyone using the latest PHP? and my results are real, i'd be happy to test someone elses code if they post it.

Wildhoney 11-28-2007 04:15 AM
Somebody give me their code and I'll have myself a test!

sketchMedia 11-28-2007 07:25 PM
Right, i just very quickly coded this little test script.
It runs 20 times, then takes the average of 20 iterations.

PHP Code:
<?php


$iterations 20;
$result 0;

for($i 0$i $iterations$i++)
{
    $test runTest();
    echo '<b>Iteration '.($i 1).'</b>: '.$test.'<br />';
    $result += $test;
    
}
$average = ($result $iterations);

echo '<br /><b>Average of '.$iterations.'</b> iterations is '.$average.'<br /> <b>Rounded to 3dp</b> '.round($average3);




function runTest()
{
    $string 'talkphp.com';
    $loop 30000;
    $i 0;

    $time_start microtime(true);


    //Do While
/*    do
    {
        md5($string);
        //sha1($string);
        $i++;
    }
    while ($i < $loop);*/

    //While
    /*while($i < $loop)
    {
    md5($string);
    //sha1($string);
    }*/
    //For
    /*for ($i = 0; $i < $loop; $i++)
    {
    md5($string);
    //sha1($string);
    }*/


    $time_end microtime(true);
    $time = ($time_end $time_start);

    return $time;
}
Still seems to show that MD5 is quicker than SHA-1.

just uncomment the type of test u want to run i.e for loop etc.

note because i am running PHP5 i can call microtime(true) because they changed it in php5, in php4 you need something like so:
PHP Code:
function microtime_float()
{
    list($usec$sec) = explode(" "microtime());
    return ((float)$usec + (float)$sec);
}

$time_start microtime_float();

$time_end microtime_float(); 

WinSrev 11-28-2007 08:41 PM
That's much different from how i did it, i'll get back to you on that.
I started my timer, did a while loop with md5, etc.. in it then ended the time and displayed it.

sketchMedia 11-28-2007 10:33 PM
well the theory is the same (I'm guessing from how you did it) i.e.
  1. Get time of script start
  2. Do stuff
  3. Get time of script end
  4. take the difference of start and stop times
Then u have your script execution time, just i wanted to give it a thorough test in other words running it 20 times and taking an average.

SOCK 11-29-2007 02:00 AM
I'd just like to point out that nothing you're doing involves encryption. Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.

SOCK 11-29-2007 02:01 AM
Quote:
Originally Posted by Wildhoney (Post 4667)
... Armed with the fact that both SHA1 and MD5 are irreversible, does it not seem logical to suggest that MD5 is technically worse than SHA1?
Technically irreversible, yes. Unbreakable, no. :-)

Wildhoney 11-29-2007 02:04 AM
Quote:
Originally Posted by Admin (Post 4741)
Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.
Are you saying SHA1 is insecure? And if so, based on what? I was under the impression that SHA1, like MD5, is irreversible. However, SHA1, again like MD5, is susceptible to methods such as rainbow tables and thus apart from their speed and length, are inseperable.

sketchMedia 11-29-2007 02:59 AM
Quote:
I'd just like to point out that nothing you're doing involves encryption. Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.
You do have a valid point, technically 'encryption' is a method to convert 'plain text' into an unreadable format for unauthorized people i.e. someone without the key to unlock the data back into 'readable' text, therfore its 'two way', and a 'Hash' is one-way, but the definition states that encryption is 'two way' so therefore a 'hash' isnt encryption as (technically) it cannot be undone. But in my mind there both types of encryption algorithms.

As far as i understand both MD5 and SHA-1 have both been deemed 'not as secure as they used to be' because or the numerous types of 'cracking' techniques and SHA-1 was compromised by a research team in China and it’s use has been discontinued by the U.S Government in favor of the SHA-2 family of hashing algorithms.
I think people should start using php's hash function more, as it allows you to hash to more than just MD5 and SHA-1.

WinSrev 11-29-2007 08:25 AM
All these methods are encryption, encryption doesn't always have to be secure. It just changes the original object into a new string which is pretty much unreadable to a normal person, in my opinion it is encryption.

Wildhoney 11-29-2007 02:59 PM
I found a little timer script on the php.net page for hash(). May be worth having a go with it:

php Code:
$algos = hash_algos();
$word="hola";

foreach($algos as $algo)
{
    echo $algo.": ";
    $time=microtime(1);
    echo hash($algo, $word);
    echo "<br>".(microtime(1)-$time)."<br><hr>";
}

sketchMedia 11-29-2007 04:42 PM
thats an interesting little script that, ill have to have a prat around with that methinks.


All times are GMT. The time now is 09:37 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0