Milter-greylist

On Tue, 1 Jun 2004, Emmanuel Dreyfus wrote:
> I have no idea how costly is cryptographic hash computing. Are you sure
> it won't consume more CPU if we go that way?

sha1 isnt _that_ expensive. Figure about 4000 cycles for 64 bytes.
This means on typical 1ghz cpu you can do 250,000 sha1/sec.

> >   - I would recommend sha1 over md5 since it is more collision resistent
> I was wondering what was the best hash to use here. I suspect we don't care
> about the security usage of hashes (ie: it is difficult to create two identical
> hashes with different data on purpose), but we need efficiency, and collision 
> resistance.

sha1 is more resistant. there have been studies (and warnings) of 
collisions on md5.

-Dan