[ previous ] [ next ] [ threads ]
 From:  Jim Thompson <jim at netgate dot com>
 To:  Jean Everson Martina <everson at inf dot ufsc dot br>
 Cc:  Chris Buechler <cbuechler at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] False sense of (IPsec)urity?
 Date:  Tue, 08 Nov 2005 01:33:17 -1000
Jean Everson Martina wrote:

>  Typically 3DES is the best choice for site to site
>> between m0n0wall and some other IPsec device, for interoperability
>> purposes.  For software encryption (i.e. no hardware crypto card),
>> Blowfish is by far the fastest.  If you switched to 3DES, you'd see a
>> marked decrease in throughput (and/or increase in CPU utilization).
> Hi all,
>     I researched on this area for sometime. I have made some testing 
> using site-to-site tunnels, and for sure, blowfish is the best 
> relation between throughput and CPU utilization. Other things that is 
> very interesting is that with  blowfish, no matter what the the key 
> size is, it works faster than other algorithims in software and in 
> hardware(using same specs hardware) with the same key size.
>     But people does not use it very much because it is not the NIST 
> standard....

support for the VIA AES accelerators appears to be either in, or very 
close in FreeBSD 6.0.  Perhaps a future version of m0n0wall will be 
based on same, or someone will "backport" the Via Padlock support to 4.11.