Peter, thank you this makes a lot of sense.

Thanks
Scott

----- Original Message ----- From: "Peter Rathlev" <[email protected]>
To: "Scott Granados" <[email protected]>
Cc: <[email protected]>
Sent: Monday, August 10, 2009 12:54 PM
Subject: Re: [c-nsp] ASA5520 different crypt options and general tuning question?


On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote:
When would you want to use 3DES instead of say aes-256?  Is
there ever a reason you'd use MD5 instead of sha???

Legacy. You might need to establish a tunnel to some device that doesn't
know AES and/or SHA1.

Secondly, are there any good general documents for performance tuning?

Generally AES is better suited to 32-bit processors than 3DES, the
latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit
processors. So in theory you'd get better performance from a 128-bit AES
cipher than a 168-bit 3DES cipher and you would have better security.

Regards,
Peter



_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to