c-taylor opened a new issue, #13129: URL: https://github.com/apache/trafficserver/issues/13129
Certainly you could look at other algorithms, but SHA256 is already the fips alternative. It makes sense to also add another stronger/faster for algorithm agility at the same time. ---- ## Hash Algorithm Benchmark — OpenSSL `speed` across 4 CPUs ### Max hashes/sec @ 16B (smallest objects — per-call ceiling) | CPU | SHA-NI | SHA-512 hw | MD5 | SHA-256 | SHA-512 | Best | |---|:---:|:---:|---:|---:|---:|---| | 9555P (Zen 5, 2024) | ✅ | ✅ | 8.46 M/s | 11.59 M/s | 5.68 M/s | **SHA-256** | | EPYC 7502P (Zen 2, 2019) | ✅ | ❌ | 3.19 M/s | 3.92 M/s | 1.89 M/s | **SHA-256** | | Xeon 5218 (Cascade Lake, 2019) | ❌ | ❌ | 3.78 M/s | 2.77 M/s | 2.11 M/s | **MD5** | | E5-2660v3 (Haswell, 2014) | ❌ | ❌ | 3.11 M/s | 2.15 M/s | 1.51 M/s | **MD5** | ### Bulk throughput @ 16KB (MB/s) | CPU | SHA-NI | SHA-512 hw | MD5 | SHA-256 | SHA-512 | Best | |---|:---:|:---:|---:|---:|---:|---| | 9555P (Zen 5, 2024) | ✅ | ✅ | 951 | 2,107 | 1,223 | **SHA-256** | | EPYC 7502P (Zen 2, 2019) | ✅ | ❌ | 582 | 1,468 | 531 | **SHA-256** | | Xeon 5218 (Cascade Lake, 2019) | ❌ | ❌ | 580 | 376 | 559 | **MD5** | | E5-2660v3 (Haswell, 2014) | ❌ | ❌ | 541 | 291 | 418 | **MD5** | ### Generational speedup vs E5-2660v3 baseline (16KB bulk) | CPU | MD5 | SHA-256 | SHA-512 | |---|---:|---:|---:| | 9555P (Zen 5, 2024) | 1.76× | 7.25× | 2.93× | | EPYC 7502P (Zen 2, 2019) | 1.08× | 5.05× | 1.27× | | Xeon 5218 (Cascade Lake, 2019) | 1.07× | 1.29× | 1.34× | | E5-2660v3 (Haswell, 2014) | 1.00× | 1.00× | 1.00× | ### Key - **SHA-NI**: hardware SHA-256 acceleration (x86 SHA Extensions) - **SHA-512 hw**: hardware SHA-512 acceleration (AMD Zen 5+) - SHA-256 wins on any CPU with SHA-NI, often by 2–2.5× over MD5 - On non-SHA-NI CPUs, **SHA-512 beats SHA-256** in bulk (1.44×) due to 64-bit word size advantage - MD5 is fastest only on legacy Intel CPUs lacking SHA-NI, and only marginally so vs SHA-512 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
