[c-nsp] ASA5520 different crypt options and general tuning question?

Peter Rathlev peter at rathlev.dk
Mon Aug 10 15:54:32 EDT 2009


On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote:
> When would you want to use 3DES instead of say aes-256?  Is 
> there ever a reason you'd use MD5 instead of sha???

Legacy. You might need to establish a tunnel to some device that doesn't
know AES and/or SHA1.

> Secondly, are there any good general documents for performance tuning?

Generally AES is better suited to 32-bit processors than 3DES, the
latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit
processors. So in theory you'd get better performance from a 128-bit AES
cipher than a 168-bit 3DES cipher and you would have better security.

Regards,
Peter
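
The legacy case described above, as an added example that is not part of the original post: an ASA 8.x-style configuration sketch that prefers AES-256/SHA and keeps 3DES/MD5 only for one peer that cannot negotiate anything better. The peer addresses, networks, ACL names, map name and transform-set names are constructed placeholders.

```cisco
! Added example, not from the original post. All names and addresses
! below are constructed placeholders (documentation address ranges).

! Phase 1 (ISAKMP) policies are global on the ASA and are tried in
! priority order, lowest number first. The strong policy goes first;
! the legacy policy is a last resort.
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 90
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

! Phase 2 transform sets are attached per crypto map entry, so the weak
! set can be limited to the one peer that needs it.
crypto ipsec transform-set TS-AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TS-3DES-MD5 esp-3des esp-md5-hmac

access-list VPN-MODERN extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list VPN-LEGACY extended permit ip 10.10.0.0 255.255.0.0 10.30.0.0 255.255.0.0

! Modern peer: AES-256/SHA only.
crypto map OUTSIDE-MAP 10 match address VPN-MODERN
crypto map OUTSIDE-MAP 10 set peer 192.0.2.10
crypto map OUTSIDE-MAP 10 set transform-set TS-AES256-SHA

! Legacy peer that does not know AES or SHA1: 3DES/MD5 only.
crypto map OUTSIDE-MAP 20 match address VPN-LEGACY
crypto map OUTSIDE-MAP 20 set peer 198.51.100.20
crypto map OUTSIDE-MAP 20 set transform-set TS-3DES-MD5

crypto map OUTSIDE-MAP interface outside
crypto isakmp enable outside
```

Because the ISAKMP policy list is global, policy 90 remains acceptable to any peer that proposes it, so it should be removed once the legacy device is retired; `show crypto isakmp sa detail` and `show crypto ipsec sa` show which algorithms each tunnel actually negotiated.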



