 |
Account Login
|
 |
|
Latest Articles
|
|
|
IRC Channel
|
|
|
Associates
|
|
|
Associates
|
|
|
 |
|
|
|
11-28-2007, 02:22 AM
|
#1 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
Encryption Methods
I wanted to see the speed of the methods, the final results of each are from encrypting 1 sentance 300,000 times in a loop.
Round 1
MD5 generated in 0.350 seconds.
Base64 generated in 0.007 seconds.
CRC32 generated in 0.006 seconds.
SHA1 generated in 0.012 seconds.
Round 2
MD5 generated in 0.360 seconds.
Base64 generated in 0.008 seconds.
CRC32 generated in 0.006 seconds.
SHA1 generated in 0.012 seconds.
Round 3
MD5 generated in 0.362 seconds.
Base64 generated in 0.007 seconds.
CRC32 generated in 0.007 seconds.
SHA1 generated in 0.012 seconds.
Feel free to discuss :)
|
|
|
|
11-28-2007, 02:48 AM
|
#2 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
|
I'm not too sure if base64 encoding has a place in a comparison like this -- being the only method here which is two-way. Interestingly, my own tests on my local machine suggest that SHA1 is slowest, closely followed by MD5, then in about one third of the time comes in base64_encode again closely followed by the winner (for me) CRC32. Clearly, a different pattern than is shown above!
I'd like to investigate further with more thorough benchmarking, just out of curiosity more than usefulness. :)
|
|
|
|
|
11-28-2007, 02:59 AM
|
#3 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Why is MD5 so slow in comparison to SHA1? Being a shorter hash I'd have expected it to have been somewhat faster. Armed with the fact that both SHA1 and MD5 are irreversible, does it not seem logical to suggest that MD5 is technically worse than SHA1?
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
11-28-2007, 03:15 AM
|
#4 (permalink)
|
|
The Prestige
Join Date: Oct 2007
Location: Manchester, UK
Posts: 854
Thanks: 32
|
I just did a quick test:
First Test (for loop)
I used the string 'talkphp' and looped each method 300000 times in a for loop.
rounded to 3dp
SHA-1 : 0.349 //average
MD5: 0.307 //average
Second Test (while loop)
I used the same string and loop number, but i used a while loop as it seems to be quicker than for.
SHA-1: 0.343 //average
MD5: 0.301 //average
MD5 is slightly quicker on my machine anyway, ill do some indepth benchmarking in a mo.
Ill test others too, apart from base64 coz its 2way.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
|
|
|
|
|
11-28-2007, 03:31 AM
|
#5 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
Is everyone using the latest PHP? and my results are real, i'd be happy to test someone elses code if they post it.
|
|
|
|
|
11-28-2007, 04:15 AM
|
#6 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Somebody give me their code and I'll have myself a test!
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
11-28-2007, 07:25 PM
|
#7 (permalink)
|
|
The Prestige
Join Date: Oct 2007
Location: Manchester, UK
Posts: 854
Thanks: 32
|
Right, i just very quickly coded this little test script.
It runs 20 times, then takes the average of 20 iterations.
PHP Code:
<?php
$iterations = 20;
$result = 0;
for($i = 0; $i < $iterations; $i++)
{
$test = runTest();
echo '<b>Iteration '.($i + 1).'</b>: '.$test.'<br />';
$result += $test;
}
$average = ($result / $iterations);
echo '<br /><b>Average of '.$iterations.'</b> iterations is '.$average.'<br /> <b>Rounded to 3dp</b> '.round($average, 3);
function runTest()
{
$string = 'talkphp.com';
$loop = 30000;
$i = 0;
$time_start = microtime(true);
//Do While
/* do
{
md5($string);
//sha1($string);
$i++;
}
while ($i < $loop);*/
//While
/*while($i < $loop)
{
md5($string);
//sha1($string);
}*/
//For
/*for ($i = 0; $i < $loop; $i++)
{
md5($string);
//sha1($string);
}*/
$time_end = microtime(true);
$time = ($time_end - $time_start);
return $time;
}
Still seems to show that MD5 is quicker than SHA-1.
just uncomment the type of test u want to run i.e for loop etc.
note because i am running PHP5 i can call microtime(true) because they changed it in php5, in php4 you need something like so:
PHP Code:
function microtime_float()
{
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
$time_start = microtime_float();
$time_end = microtime_float();
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
|
|
|
|
|
11-28-2007, 08:41 PM
|
#8 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
That's much different from how i did it, i'll get back to you on that.
I started my timer, did a while loop with md5, etc.. in it then ended the time and displayed it.
|
|
|
|
|
11-28-2007, 10:33 PM
|
#9 (permalink)
|
|
The Prestige
Join Date: Oct 2007
Location: Manchester, UK
Posts: 854
Thanks: 32
|
well the theory is the same (I'm guessing from how you did it) i.e. - Get time of script start
- Do stuff
- Get time of script end
- take the difference of start and stop times
Then u have your script execution time, just i wanted to give it a thorough test in other words running it 20 times and taking an average.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
|
|
|
|
|
11-29-2007, 02:00 AM
|
#10 (permalink)
|
|
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
|
I'd just like to point out that nothing you're doing involves encryption. Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.
|
|
|
|
|
11-29-2007, 02:01 AM
|
#11 (permalink)
|
|
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
|
Quote:
Originally Posted by Wildhoney
... Armed with the fact that both SHA1 and MD5 are irreversible, does it not seem logical to suggest that MD5 is technically worse than SHA1?
|
Technically irreversible, yes. Unbreakable, no.  |
|
|
|
|
11-29-2007, 02:04 AM
|
#12 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Quote:
Originally Posted by Admin
Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.
|
Are you saying SHA1 is insecure? And if so, based on what? I was under the impression that SHA1, like MD5, is irreversible. However, SHA1, again like MD5, is susceptible to methods such as rainbow tables and thus apart from their speed and length, are inseperable.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
11-29-2007, 02:59 AM
|
#13 (permalink)
|
|
The Prestige
Join Date: Oct 2007
Location: Manchester, UK
Posts: 854
Thanks: 32
|
Quote:
|
I'd just like to point out that nothing you're doing involves encryption. Of the methods shown, SHA1 is the only one I'd accept to perform a hash on non-critical data.
|
You do have a valid point, technically 'encryption' is a method to convert 'plain text' into an unreadable format for unauthorized people i.e. someone without the key to unlock the data back into 'readable' text, therfore its 'two way', and a 'Hash' is one-way, but the definition states that encryption is 'two way' so therefore a 'hash' isnt encryption as (technically) it cannot be undone. But in my mind there both types of encryption algorithms.
As far as i understand both MD5 and SHA-1 have both been deemed 'not as secure as they used to be' because or the numerous types of 'cracking' techniques and SHA-1 was compromised by a research team in China and it’s use has been discontinued by the U.S Government in favor of the SHA-2 family of hashing algorithms.
I think people should start using php's hash function more, as it allows you to hash to more than just MD5 and SHA-1.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
|
|
|
|
|
11-29-2007, 08:25 AM
|
#14 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
All these methods are encryption, encryption doesn't always have to be secure. It just changes the original object into a new string which is pretty much unreadable to a normal person, in my opinion it is encryption.
|
|
|
|
|
11-29-2007, 02:59 PM
|
#15 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
I found a little timer script on the php.net page for hash(). May be worth having a go with it:
php Code:
$algos = hash_algos (); $word= "hola"; foreach($algos as $algo){ echo $algo. ": "; $time= microtime(1); echo hash ($algo, $word); echo "<br>". (microtime(1)- $time). "<br><hr>"; }
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
11-29-2007, 04:42 PM
|
#16 (permalink)
|
|
The Prestige
Join Date: Oct 2007
Location: Manchester, UK
Posts: 854
Thanks: 32
|
thats an interesting little script that, ill have to have a prat around with that methinks.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
Join the friendly bunch on IRC...
