Digi TransPort WR11 User Manual page 472

Configuring Virtual Private Networking (VPN)
Data Encryption Methods in IPSec
There are several different algorithms available for use in securing data whilst in transit over IP links.
Each encryption technique has its own strengths and weaknesses and this is really, a personal
selection made with regard to the sensitivity of the data you are trying to protect. Some general
statements may be made about the relative merits but users should satisfy themselves as to
suitability for any particular purpose.
DES (64-bit key)
The banking and financial world tends to use this well-known and established protocol. It is relatively
processor-intensive; to run efficiently at high data rates, a powerful processor is required. It is
generally considered very difficult for casual hackers to attack, but may be susceptible to determined
attack by well-equipped and knowledgeable parties.
3-DES (192-bit key)
Again, this is a well-established and accepted protocol but as it involves encrypting the data three
times using DES with a different key each time, it has a very high processor overhead. This also
renders it almost impossible for casual hackers to attack and very difficult to break in any meaningful
time frame, even for well-equipped and knowledgeable parties.
AES (128-bit key)
Also known as Rijndael encryption, AES is a standard adopted by many USA and European
organizations for sensitive applications. It has a relatively low processor overhead compared to DES
and it is therefore possible to encrypt at higher data rates. As with 3-DES, it is almost impossible for
casual hackers to attack and is very difficult to break in any meaningful time frame, even for well-
equipped and knowledgeable parties.
To put these into perspective, common encryption programs that are considered "secure" (such as
PGP) and on-line credit authorization services (such as Web-based credit card ordering) generally use
128-bit encryption.
Note Data rates are the maximum that could be achieved, but may be lower if other applications are
running at the same time or using small IP packet sizes.
Digi TransPort® Routers User Guide
Configure Internet Protocol security (IPsec)
472