Link to home
Start Free TrialLog in
Avatar of mrpez1
mrpez1

asked on

3DES vs. AES-256

Through a firmware upgrade I now have the option of using AES-256 on my VPNs instead of 3DES with essentially the same throughput. To take advatage of this upgrade, I need to shuffle around a few firewalls. Is the security increase worth the effort? I know we're talk'n 160 billion years to crack vs. 150 trillion (or something like that) but does anyone in the know have an opinion?
Avatar of Les Moore
Les Moore
Flag of United States of America image

The only underlying issues are
1) the patent on the DES encryption algorithm expired and is now free to use. It won't be too much longer before there are cracking engines
2) the US Govt has decreed AES to be the new encryption standard for use on Gov't networks

No encryption medthod will protect you any more than another unless you have the proper policies, meet proper regulations, and deploy it using industry standard best practices.

I can't think of any good value or return on investment if the change costs you any money (staff time=money), and is not mandated by some policy or regulation that your company has to abide by.


SOLUTION
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mrpez1
mrpez1

ASKER

Are you sure that's not DES? 22 hours to crack 168 bits without a shortcut is pretty impressive even for the NSA.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yup.. .make that DES, not 3DES... sorry !