3DES operates similarly to DES, in that data is broken into 64-bit blocks. 3DES then
processes each block three times, each time with an independent 56-bit key. 3DES
provides significant encryption strength over 56-bit DES. DES is a symmetric key
cryptosystem.
• Advanced Encryption Standard (AES): The National Institute of Standards and
Technology (NIST) has recently adopted AES to replace the existing DES encryption
in cryptographic devices. AES provides stronger security than DES and is
computationally more efficient than 3DES. AES offers three different key lengths:
128-, 192-, and 256-bit keys.
• Rivest, Shamir, and Adleman (RSA): RSA is an asymmetrical key cryptosystem. It
uses a key length of 512, 768, 1024, or larger. IPsec does not use RSA for data
encryption. IKE only uses RSA encryption during the peer authentication phase.

VPN data is transported over the public Internet. Potentially, this data could be intercepted
and modified. To guard against this problem, you can use a data integrity algorithm. A data
integrity algorithm adds a hash to the message. A hash guarantees the integrity of the
original message. If the transmitted hash matches the received hash, the message has not
been tampered with.
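
The hash check described above, as an added Python example that is not part of the original text. It assumes HMAC-SHA-256 truncated to 128 bits as the keyed hash, uses a constructed key and payloads, and its function names are illustrative; it compares an unkeyed hash with a keyed one to show why the integrity hash needs a secret shared by the two peers.

```python
import hashlib
import hmac

ICV_LEN = 16  # bytes kept from the digest (128-bit truncated tag)


def plain_tag(message: bytes) -> bytes:
    """Unkeyed hash: anyone able to alter the message can recompute it."""
    return hashlib.sha256(message).digest()[:ICV_LEN]


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC: a valid tag requires the key shared by the two VPN peers."""
    return hmac.new(key, message, hashlib.sha256).digest()[:ICV_LEN]


def accept_plain(packet: bytes) -> bool:
    """Receiver check when the sender appended an unkeyed hash."""
    message, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(tag, plain_tag(message))


def accept_keyed(key: bytes, packet: bytes) -> bool:
    """Receiver check when the sender appended an HMAC."""
    if len(packet) < ICV_LEN:
        return False
    message, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(tag, keyed_tag(key, message))


def demo() -> dict:
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    sent = b"route 10.0.0.0/8 via tunnel0"        # constructed payload
    altered = b"route 10.0.0.0/8 via tunnel9"     # payload changed in transit
    return {
        "genuine_keyed": accept_keyed(key, sent + keyed_tag(key, sent)),
        # Payload changed in transit, tag left alone: the mismatch is caught.
        "altered_old_tag": accept_keyed(key, altered + keyed_tag(key, sent)),
        # Payload altered and unkeyed hash recomputed: the check still passes.
        "altered_plain_rehash": accept_plain(altered + plain_tag(altered)),
        # Same alteration against HMAC: without the key the tag cannot match.
        "altered_keyed_rehash": accept_keyed(key, altered + plain_tag(altered)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```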