mrpez1
asked on
3DES vs. AES-256
Through a firmware upgrade I now have the option of using AES-256 on my VPNs instead of 3DES with essentially the same throughput. To take advatage of this upgrade, I need to shuffle around a few firewalls. Is the security increase worth the effort? I know we're talk'n 160 billion years to crack vs. 150 trillion (or something like that) but does anyone in the know have an opinion?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Are you sure that's not DES? 22 hours to crack 168 bits without a shortcut is pretty impressive even for the NSA.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yup.. .make that DES, not 3DES... sorry !
1) the patent on the DES encryption algorithm expired and is now free to use. It won't be too much longer before there are cracking engines
2) the US Govt has decreed AES to be the new encryption standard for use on Gov't networks
No encryption medthod will protect you any more than another unless you have the proper policies, meet proper regulations, and deploy it using industry standard best practices.
I can't think of any good value or return on investment if the change costs you any money (staff time=money), and is not mandated by some policy or regulation that your company has to abide by.