search cancel

Are there any performance issues after switching to AES256 encryption on the CA Top Secret security file?


Article ID: 16592


Updated On:


Top Secret Top Secret - LDAP


Are there any performance issues after converting to AES 256 encryption on the CA Top Secret security file?



Component: TSSMVS


We don't have any reported performance problems related to AES 256 encryption.

We have had other clients pose the same questions as yours.

AES256 is absolutely a more CPU intensives solution than any other encryption methodology provided in the past. The hashing algorithm requires a significant number of instruction iterations to complete to achieve the desired levels of protection. Its approximately 4-5 times more.

It is strongly recommended that you consider the hardware implementations of ICSF Cryptographic services and CPACF (CP Assist for Cryptographic Function) functions to achieve the best performance (hardware is faster than software). Overall CPU utilization will be higher with AES256, the response to end users will be dependent on application requirements for logon activity.

With that said, from my experience, the majority of our clients implemented AES256 when they migrated to r16 and we don't have any reported problems indicating their was a sudden surge in CPU.  This implies that the impact is not noticeable.