According to http://www.ph.tn.tudelft.nl/~visser/hashes.html,
ftp://ftp.rsa.com/pub/pdfs/bulletn4.pdf and
http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html, MD5 (as in RFC
1321) is not as collision-resistant as hoped. But nobody has yet come up
with two strings that have the same MD5 checksum - it would be quite
bizarre if Squid hit two URLs that collided.
They give performance figures of 16Mb/sec for MD5 on a 90MHz Pentium (in
hand-tuned assembler - half that in portable C). RIPEMD-160 is three
times slower.
Of course, if Squid contained MD5 code, it would need to obey the
following:
License is also granted to make and use derivative works
provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
(NB RIPEMD-160, as well as being recommended by RSA as a replacement for
MD5, does not have such restrictions).
For a reasonable hash, 16 to 20 bytes should be fine. Of course, it
makes it harder to analyse the contents of your cache if you don't keep
the URLs around.
Ian Redfern (redferni@logica.com).
Received on Tue Jul 29 2003 - 13:15:42 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:23 MST