Re: [m0n0wall] False sense of (IPsec)urity?

From:	Jean Everson Martina <everson at inf dot ufsc dot br>
To:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] False sense of (IPsec)urity?
Date:	Tue, 08 Nov 2005 09:04:06 -0200

Typically 3DES is the best choice for site to site
> between m0n0wall and some other IPsec device, for interoperability
> purposes.  For software encryption (i.e. no hardware crypto card),
> Blowfish is by far the fastest.  If you switched to 3DES, you'd see a
> marked decrease in throughput (and/or increase in CPU utilization).

Hi all,


	I researched on this area for sometime. I have made some testing using 
site-to-site tunnels, and for sure, blowfish is the best relation 
between throughput and CPU utilization. Other things that is very 
interesting is that with  blowfish, no matter what the the key size is, 
it works faster than other algorithims in software and in hardware(using 
same specs hardware) with the same key size.
	But people does not use it very much because it is not the NIST 
standard....



Jean