On 16-06-15 23:17, Jan Just Keijser wrote: > On 16/06/15 16:40, Ralf Hildebrandt wrote: > I'd recommend > > cipher AES-256-CBC > auth SHA256
Agreed. > The main reason to use AES-256 is if you're using machines that are > optimized for AES (e.g. AES-NI capable CPU's). AES-256 is faster than > Blowfish on such CPU's. If speed is an issue, you might also consider AES-128-CBC, which is perfectly fine too by today's standards. > Increasing the auth (hash) size to 512 is not likely to increase > security, unless you are also issuing certificates signed using SHA512: > the control channel hashing algo is almost always the same as the algo > used to sign the certificates. > By using 'auth sha512' you could end up making the data channel more > securely hashed/signed (and a lot slower) than the control channel, > which does add a lot of extra security. Also, SHA256 can be hardware accelerated on a lot of modern hardware. SHA512 mostly can not. And SHA512 adds 64 bytes per packet, while SHA256 adds just 32 bytes. Especially for connections with lots of small packets (games, voip, video streams) that is a significant overhead. -Steffan ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
