[c-nsp] ASA5520 different crypt options and general tuning question?
Peter Rathlev
peter at rathlev.dk
Mon Aug 10 15:54:32 EDT 2009
On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote:
> When would you want to use 3DES instead of say aes-256? Is
> there ever a reason you'd use MD5 instead of sha???
Legacy. You might need to establish a tunnel to some device that doesn't
know AES and/or SHA1.
> Secondly, are there any good general documents for performance tuning?
Generally AES is better suited to 32-bit processors than 3DES, the
latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit
processors. So in theory you'd get better performance from a 128-bit AES
cipher than a 168-bit 3DES cipher and you would have better security.
Regards,
Peter
More information about the cisco-nsp
mailing list