Hi, On 15 December 2016 at 19:11, David Sommerseth <open...@sf.lists.topphemmelig.net> wrote: > On 15/12/16 16:35, Sebastian Rubenstein wrote: >> Could you explain in greater detail your statement "use AES-256-GCM >> for more efficiency on the data channel"? > > I'll leave this to Steffan (or JJK).
AES-GCM has a shorter authentication tag (128 bits) than HMAC-SHA256 (256 bits). Also, AES-GCM doesn't need a unpredictable IV but rather just a unique-per-key nonce, which mean we can transfer 8 less bytes per packet for the IV. This saves us a total of 24 bytes per packet overhead compared to cipher AES-256-CBC + auth SHA256. Furthermore, AES-GCM can maximallu leverage the AES-NI hardware acceleration available in modern Intel CPUs, which will result is *much* faster crypto. -Steffan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
