Since our upgrade to AES256 for the data channel (previously AES128) and SHA2-512bit (from SHA1-160 bit) for the HMAC authentication channel, we’ve been receiving reports on slowdowns especially for those using routers/integrated devices whereby CPU processing power is limited.
We had previously decided on this upgrade because of numerous complaints and several review sites marking us down for using AES128 only when the competition is using AES256. We have previously expressed that AES128 in many cases is just as good as AES256 and in certain cases better since AES128 implements a better key schedule. It is an opinion we still hold today and our opinion is that for the average VPN user, AES128 is pretty good.
However, after implementing AES256, our servers do not show any additional CPU impact and are therefore investigating the reports on slowdowns. It is also possible that the SHA-512 upgrade to the HMAC is causing the slowdown, however, SHA-1 is already considered insecure as it is vulnerable to collision attacks and therefore we believe it is prudent to upgrade this despite the performance hit.
Therefore, in light of this, before we decide on what to do, we would wish to monitor the situation for the next few days. If the speed issues persist and cannot be attributed to other causes we would be doing the following:
The alternative would be to segregate high security servers and keep them as xCloaks with the highest protection while keeping the weaker SHA-1 for regular servers for maximum performance. The problem with this is that for most people it will reduce security and introduce inequal distribution of users. We probably would see heavily underutilized high security servers.
Feedback is greatly appreciated and thank you for your patience and understanding as we move to improve our service and achieve a balance between performance and security. Please note that comments especially for first time posters may take time to be moderated as they will need to be processed manually.