Can anyone shed some light on which to use when? Or which is better and why?
Hash Algorithm Options: SHA1, MD5, SHA256, SHA512
Encryption Algorithm Options:
DES and 3DES
AES in 128, 192, or 256 bits with CBC, CTR, or GCM
Camellia in 128, 192, or 256
Twofish and Blowfish
Any suggestions or info? The Wiki is a little bare here.
Hash: Use SHA256 or greater. MD5 and SHA1 are both considered “broken”. That is, they have been proven to be crackable. SHA256 is safe (for now), SHA512 is better, but slower. If you have high bandwidth and low CPU power, use 256. If you are not worried about throughput and latency, use 512.
Encryption: DES is too weak. 3DES is just fine for most everything. AES128 is the “preferred” mainly because it’s faster and now many CPUs have hardware acceleration for it. 256 and 512 variants are just that much stronger, but rarely have acceleration. AES is also an Open Standard and has been vetted by many MANY groups.
Camellia is a patented (but free) encryption with abilities comparable to AES. It’s a standard and accepted by most, but still a patented code by a Japanese company.
Blowfish and Twofish: Blowfish is the older brother of Twofish. Twofish was a “runner-up” to AES: very comparable in abilities and completely open. It is slightly slower at 128 bit, and slightly faster at 256 bit.
The choice is yours. They are all perfectly acceptable. Unless you are doing some serious Top Secret stuff, no hackers are going to spend the time needed to try and crack your VPN with any of them. The best choice will depend more on the hardware you put behind them. Lower end hardware (remember, this runs on the CPU) will need no more than 128-bit. AES if accelerated, 3DES if not. Being “non-standard”, you will never find hardware acceleration for Camellia or Twofish.
That’s a lot harder to explain. Best to read the Wikipedia pages on each. In general, I believe that GCM is the most secure. Some say it’s also the fastest.
Choosing GCM allows you to use NULL as the authentication, as GCM already provides the auth. That should help with efficiency. But keep in mind, AES-GCM crashes on the current builds of RouterOS.
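The point made in the last two replies, that GCM carries its own authentication while CTR (or CBC) needs the separate hash algorithm to supply it, as an added Go example that is not from this thread or from RouterOS. The key, nonce and IV are constructed demo values; a real VPN derives fresh ones per security association.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Constructed demo secrets. A VPN derives fresh ones per security association,
// and the nonce/IV must never repeat under the same key.
var key = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var nonce = []byte("unique-12byt")                    // 12-byte GCM nonce
var iv = []byte("unique-16byte-iv")                   // 16-byte CTR IV

// AES-GCM: confidentiality and integrity from one primitive, so the hash slot can be NULL.
func newGCM() cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}
func gcmSeal(pt []byte) []byte          { return newGCM().Seal(nil, nonce, pt, nil) } // 16-byte tag appended
func gcmOpen(ct []byte) ([]byte, error) { return newGCM().Open(nil, nonce, ct, nil) } // error on any change

// AES-CTR alone has no integrity check: a flipped bit decrypts to garbage without complaint.
// Supplying that check is the job of the separate hash setting, here HMAC-SHA256.
func ctrXOR(in []byte) []byte {
	block, _ := aes.NewCipher(key)
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}
func macOf(ct []byte) []byte {
	mac := hmac.New(sha256.New, key) // demo reuses key; use a distinct MAC key in practice
	mac.Write(ct)
	return mac.Sum(nil)
}
func ctrHmacSeal(pt []byte) []byte {
	ct := ctrXOR(pt)
	return append(ct, macOf(ct)...) // ciphertext || 32-byte tag (encrypt-then-MAC)
}
func ctrHmacOpen(msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size {
		return nil, errors.New("message shorter than tag")
	}
	ct, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	if !hmac.Equal(tag, macOf(ct)) { // constant-time compare
		return nil, errors.New("HMAC mismatch: packet modified")
	}
	return ctrXOR(ct), nil // CTR decrypt == encrypt
}
```

Flipping one byte of either sealed message makes gcmOpen and ctrHmacOpen return an error, whereas ctrXOR on the same corrupted bytes quietly returns wrong plaintext.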