Thank you Stefan for nice explanation.
On 6 August 2017 at 21:44, Steffan Karger <stef...@karger.me> wrote:
> The average per-packet overhead of this solution is 20 (IP) + 8 (UDP) +
> 4 (average CBC padding for BF-CBC) or 8 (average CBC padding for AES) =
> 32 or 36 bytes.
>
> The average per-packet overhead of the AES-128-GCM/AES-256-GCM is 20
> (IP) + 8 (UDP) + 4 (GCM IV) + 16 (GCM tag) = 48 bytes.
>
> So the difference is just 12 or 16 bytes, but gives you a huge gain in
> security. On top of that, GCM gives you a very nice hardware speedup on
> modern CPUs.
>
12 or 16 bytes is huge difference when we speak about original packet size
of 40-60 bytes.
Of course it's ok when packet size is large enough.
--
Regards,
Yevgeny
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
