[c-nsp] ASA5520 different crypt options and general tuning question?
Scott Granados
gsgranados at comcast.net
Mon Aug 10 16:35:01 EDT 2009
Peter, thank you this makes a lot of sense.
Thanks
Scott
----- Original Message -----
From: "Peter Rathlev" <peter at rathlev.dk>
To: "Scott Granados" <gsgranados at comcast.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Monday, August 10, 2009 12:54 PM
Subject: Re: [c-nsp] ASA5520 different crypt options and general tuning
question?
> On Mon, 2009-08-10 at 11:20 -0700, Scott Granados wrote:
>> When would you want to use 3DES instead of say aes-256? Is
>> there ever a reason you'd use MD5 instead of sha???
>
> Legacy. You might need to establish a tunnel to some device that doesn't
> know AES and/or SHA1.
>
>> Secondly, are there any good general documents for performance tuning?
>
> Generally AES is better suited to 32-bit processors than 3DES, the
> latter being a 168-bit cipher (3 x 56-bit) more suited for 7-bit
> processors. So in theory you'd get better performance from a 128-bit AES
> cipher than a 168-bit 3DES cipher and you would have better security.
>
> Regards,
> Peter
>
>
More information about the cisco-nsp
mailing list