Netgate Discussion Forum

    Best Performance with 2.3 and AES-NI?

      mevans336

      If one has a modern Intel CPU with AES-NI (hardware crypto reports: AES-CBC,AES-XTS,AES-GCM,AES-ICM), will AES128-GCM + SHA1 result in the best performance? Or would changing the hashing algorithm to AES-XCBC offer better performance than SHA1?

        nzkiwi68

        Change your hashing to AES-XCBC because that will get accelerated by AES-NI since it's AES (of course).

        The hashing algorithm really doesn't matter that much, because an attacker still needs to break the encryption layer, so AES-XCBC is perfectly fine and will be accelerated by AES-NI.

        Everyone should always choose AES-XCBC when using AES-GCM.

        I hope that helps.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.