Jean Everson Martina wrote:
> Typically 3DES is the best choice for site to site
>> between m0n0wall and some other IPsec device, for interoperability
>> purposes. For software encryption (i.e. no hardware crypto card),
>> Blowfish is by far the fastest. If you switched to 3DES, you'd see a
>> marked decrease in throughput (and/or increase in CPU utilization).
> Hi all,
> I researched on this area for sometime. I have made some testing
> using site-to-site tunnels, and for sure, blowfish is the best
> relation between throughput and CPU utilization. Other things that is
> very interesting is that with blowfish, no matter what the the key
> size is, it works faster than other algorithims in software and in
> hardware(using same specs hardware) with the same key size.
> But people does not use it very much because it is not the NIST
support for the VIA AES accelerators appears to be either in, or very
close in FreeBSD 6.0. Perhaps a future version of m0n0wall will be
based on same, or someone will "backport" the Via Padlock support to 4.11.