Best Performance with 2.3 and AES-NI?
-
If one has a modern Intel CPU with AES-NI (hardware crypto reports: AES-CBC,AES-XTS,AES-GCM,AES-ICM
), will AES128-GCM + SHA1 result in the best performance? Or would changing the hashing algorithm to AES-XCBC offer better performance than SHA1? -
Change your hashing to AES-XCBC because that will get accelerated by AES-NI since it's AES (of course).
The hashing algorithm really doesn't matter that much, because an attacker still needs to break to break the encryption layer, so AES-XCBC is perfectly fine and will be accelerated by AES-NI.
Everyone should always choose AES-XCBC when using AES-GCM.
I hope that helps.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.