Firewall Wizards mailing list archives

SHA-1 or MD5


From: Walker Andrew <andrew.walker () capco com>
Date: Mon, 3 Sep 2001 13:47:31 +0200

Hello,

The VPN I have inherited uses a mixture of message digests for the
encryption. On 1 firewall the client encryption is set up with DES and
SHA-1, and at another location the FW client encryption is set up with DES
and MD5. My understanding is that MD5 is quicker than SHA-1, but less
strong.

My question to the list subscribers: on NT-based FW1, can the message
digests be changed to either SHA-1 or MD5 without breaking the VPN? I just
wondered if it was a one-time choice at setup time - non-reversible.

Has anyone any comments on the best choice, MD5 or SHA-1?

Does it matter that there is a mix at all?


Thanks in advance for any thoughts, experience or advice.

Best regards,

Andrew



