Consider both security and performance when choosing encryption and data integrity methods. Of the two types of encryption supported, DES and TripleDES, TripleDES is the stronger and is recommended for any sensitive data. Although DES requires less computing time for encryption and decryption, it is recommended only where strong security is not necessary or where use of strong encryption is prevented by export restrictions.
Data integrity ensures that the data received by a VPN endpoint has not been altered while in transit. Two types of data authentication are supported: 128-bit strength Message Digest 5 (MD5-HMAC) and 160-bit strength Secure Hash Algorithm (SHA-HMAC). Because SHA-HMAC has a greater bit strength, it is considered slightly more secure, although it may place a slightly heavier load on the processor. However, both MD5 and SHA are considered secure and are used extensively.
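The integrity check described above, as an added example that is not from the WatchGuard documentation: the sender appends an HMAC tag and the receiver recomputes it, using Python's standard `hmac` module with MD5 (128-bit tag) and SHA-1 (160-bit tag). The packet layout (payload followed by tag), the key and the sample payload are assumptions constructed for illustration, not the product's wire format.

```python
import hashlib
import hmac
from typing import Optional

# The page's method names mapped to hashlib digest names.
ALGORITHMS = {"MD5-HMAC": "md5", "SHA-HMAC": "sha1"}


def protect(key: bytes, payload: bytes, method: str) -> bytes:
    """Sender side: append the HMAC tag to the payload (assumed layout)."""
    tag = hmac.new(key, payload, ALGORITHMS[method]).digest()
    return payload + tag


def verify(key: bytes, packet: bytes, method: str) -> Optional[bytes]:
    """Receiver side: return the payload if the tag matches, else None."""
    tag_len = hashlib.new(ALGORITHMS[method]).digest_size
    if len(packet) < tag_len:
        return None  # too short to carry a tag at all
    payload, tag = packet[:-tag_len], packet[-tag_len:]
    expected = hmac.new(key, payload, ALGORITHMS[method]).digest()
    # compare_digest takes constant time, so a mismatch leaks no timing hint.
    return payload if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    key = bytes(range(20))  # constructed shared secret
    payload = b"constructed sample payload: transfer 100 to account 42"
    results = {}
    for method in ALGORITHMS:
        packet = protect(key, payload, method)
        tampered = bytearray(packet)
        tampered[30] ^= 0x01  # one bit altered in transit
        results[method] = {
            "tag_bits": (len(packet) - len(payload)) * 8,
            "intact_accepted": verify(key, packet, method) == payload,
            "tampered_accepted": verify(key, bytes(tampered), method) is not None,
            "wrong_key_accepted": verify(b"\x00" * 20, packet, method) is not None,
        }
    return results


if __name__ == "__main__":
    for method, result in demo().items():
        print(method, result)
```
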
Copyright
© 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.