On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote: > When would you want to use 3DES instead of say aes-256? Is > there ever a reason you'd use MD5 instead of sha???
Legacy. You might need to establish a tunnel to some device that doesn't know AES and/or SHA1. > Secondly, are there any good general documents for performance tuning? Generally AES is better suited to 32-bit processors than 3DES, the latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit processors. So in theory you'd get better performance from a 128-bit AES cipher than a 168-bit 3DES cipher and you would have better security. Regards, Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
