This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encr. Algos / compression questions

Of all the encr. algos available to select for tunnel encryption(not IKE), what are their differences(besides the key lenght)?
at the same key lenght, ¿who is the most secure?
¿who consumes the most CPU?.

and about compression:
what's the *usual* compression ratio(i would guess that the deflate is used ona packet by packet MTU basis or is it used in 1K/4K blocks?).
do i gain or loose latency by enabling compression?

This thread was automatically locked due to age.

Parents

0 cyclops over 21 years ago

Guillermo Lovato,

my choice is AES since it is the new encryption standard. It is pretty fast and highly secure - a 128bit key length should be enough but if you have a powerful machine you could run the vpn with 256 bit keys also. 3DES is a strong enc. algo as well but as the name already expresses it eats up a lot of CPU time since it needs three encryption cycles to encrypt a packet. For best compatibility to third party products there is often no other choice than 3DES.

Compression is a mystery somehow - at big pipes it even slows down the connection... I suggest to leave it off.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 cyclops over 21 years ago

Guillermo Lovato,

my choice is AES since it is the new encryption standard. It is pretty fast and highly secure - a 128bit key length should be enough but if you have a powerful machine you could run the vpn with 256 bit keys also. 3DES is a strong enc. algo as well but as the name already expresses it eats up a lot of CPU time since it needs three encryption cycles to encrypt a packet. For best compatibility to third party products there is often no other choice than 3DES.

Compression is a mystery somehow - at big pipes it even slows down the connection... I suggest to leave it off.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data