Peter, thank you this makes a lot of sense.
Thanks
Scott
----- Original Message -----
From: "Peter Rathlev" <[email protected]>
To: "Scott Granados" <[email protected]>
Cc: <[email protected]>
Sent: Monday, August 10, 2009 12:54 PM
Subject: Re: [c-nsp] ASA5520 different crypt options and general tuning
question?
On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote:
When would you want to use 3DES instead of say aes-256? Is
there ever a reason you'd use MD5 instead of sha???
Legacy. You might need to establish a tunnel to some device that doesn't
know AES and/or SHA1.
Secondly, are there any good general documents for performance tuning?
Generally AES is better suited to 32-bit processors than 3DES, the
latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit
processors. So in theory you'd get better performance from a 128-bit AES
cipher than a 168-bit 3DES cipher and you would have better security.
Regards,
Peter
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/