RFC 1810 (rfc1810) - Page 1 of 7


Report on MD5 Performance



Alternative Format: Original Text Document



Network Working Group                                           J. Touch
Request for Comments: 1810                                           ISI
Category: Informational                                        June 1995


                       Report on MD5 Performance

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   MD5 is an authentication algorithm, which has been proposed as the
   default authentication option in IPv6.  When enabled, the MD5
   algorithm operates over the entire data packet, including header.
   This RFC addresses how fast MD5 can be implemented in software and
   hardware, and whether it supports currently available IP bandwidth.
   MD5 can be implemented in existing hardware technology at 256 Mbps,
   and in software at 87 Mbps.  These rates cannot support current IP
   rates, e.g., 100 Mbps TCP and 130 Mbps UDP over ATM.  If MD5 cannot
   support existing network bandwidth using existing technology, it will
   not scale as network speeds increase in the future.  This RFC is
   intended to alert the IP community about the performance limitations
   of MD5, and to suggest that alternatives be considered for use in
   high speed IP implementations.

Introduction

   MD5 is an authentication algorithm, which has been proposed as one
   authentication option in IPv6 [1].  RFC 1321 describes the MD5
   algorithm and gives a reference implementation [3].  When enabled,
   the MD5 algorithm operates over the entire data packet, including
   header (with dummy values for volatile fields).  This RFC addresses
   how fast MD5 can be implemented in software and hardware, and whether
   it supports currently available IP bandwidth.

   This RFC considers the general issue of checksumming and security at
   high speed in IPv6.  IPv6 has no header checksum (which IPv4 has
   [5]), but proposes an authentication digest over the entire body of
   the packet (including header where volatile fields are zeroed) [1].
   This RFC specifically addresses the performance of that
   authentication mechanism.






Touch                        Informational