On Dec 16, 2009, at 6:36 AM, rahul bharadhwaj wrote: Hi all
Could anyone let me know which crypt algo des/3des/aes should be used with aes-xcbc-mac hashing. As aes-xcbc-mac uses aes for authentication and integrity, is it correct to apply des for encryption or is there any restriction. Thanks in advance rb Hi. We generally regard encryption and integrity to be orthogonal, so you can mix and match as you'd like as long as all algorithms are strong enough. Some have an aesthetic preference to match key strengths, so they wouldn't use 56-bit DES with HMAC-SHA-512. But if your security requirements are for 56-bit, there is no reason not to use DES. If you have more stringent requirements, either 3DES or AES would be good. Usually AES is better performing, so you would usually prefer that.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec