Outline

This lesson includes these topics:

■ Cryptosystem Overview

■ Symmetric Encryption

■ Asymmetric Encryption

■ Key Exchange—Diffie-Hellman

■ Hashing

■ Summary

Cryptosystem Overview

This topic describes the encryption, authentication, hash function, and key management systems that are used in cryptography.

© 2004 Cisco Systems, Inc.

There are numerous encryption technologies that are available to provide confidentiality, including Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES). DES encrypts packet data with a 56-bit key. At its development in the 1970s, DES was thought to be unbreakable. Today, supercomputers can crack DES encryption in a few days. 3DES uses a double-length key (112 bits) and performs three DES operations in sequence. 3DES is 256 times stronger than DES. AES currently specifies keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192, or 256 bits (all nine combinations of key length and block length are possible). Cisco intends AES to be available on all Cisco products that currently have IPSec DES and 3DES functionality, such as Cisco IOS routers, Cisco Secure PIX Firewalls, Cisco VPN concentrators, and Cisco VPN clients.

Many standards have emerged to protect the secrecy of keys and to facilitate changing them. Diffie-Hellman lets two parties agree on a shared key without ever transmitting that key. It is the best-known and most widely used algorithm for establishing the session keys that encrypt data.
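The following is an added illustration, not part of the Cisco course: a textbook Diffie-Hellman exchange in which only p, g and the two public values cross the wire, yet both peers derive the same session key. The group (p = 1019, g = 2) and the function names are constructed for readability; real deployments use standardized groups of at least 2048 bits.

```python
from hashlib import sha256
import secrets

# Constructed demo group: p = 1019 is a safe prime (2*509 + 1) and g = 2 generates
# the whole multiplicative group. Real deployments use standardized groups of at
# least 2048 bits (e.g. RFC 3526); these small numbers are for readability only.
P = 1019
G = 2


def new_private(p: int = P) -> int:
    """Random private exponent in [2, p-2]; it is never transmitted."""
    return 2 + secrets.randbelow(p - 3)


def public_value(private: int, p: int = P, g: int = G) -> int:
    """The value that is actually sent over the wire: g^private mod p."""
    return pow(g, private, p)


def valid_public(y: int, p: int = P) -> bool:
    """Reject degenerate peer values (0, 1, p-1, out of range) that would force
    the shared secret into a tiny, predictable set."""
    return 1 < y < p - 1


def shared_secret(peer_public: int, private: int, p: int = P) -> int:
    """Combine the peer's public value with our own private exponent."""
    if not valid_public(peer_public, p):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, private, p)


def session_key(secret: int) -> bytes:
    """Turn the agreed integer into a fixed-length symmetric key by hashing it
    (a real protocol uses a KDF that also binds nonces and identities)."""
    return sha256(secret.to_bytes((secret.bit_length() + 7) // 8, "big")).digest()


def run_exchange(a: int, b: int, p: int = P, g: int = G):
    """Exchange between peers holding private exponents a and b. Returns what an
    observer sees on the wire plus the key each side derives independently."""
    A = public_value(a, p, g)  # sent from side A to side B
    B = public_value(b, p, g)  # sent from side B to side A
    on_the_wire = {"p": p, "g": g, "A": A, "B": B}
    return on_the_wire, session_key(shared_secret(B, a, p)), session_key(shared_secret(A, b, p))


if __name__ == "__main__":
    wire, key_a, key_b = run_exchange(new_private(), new_private())
    print("seen on the wire:", wire, "| keys match:", key_a == key_b)
```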

Note: Cisco IOS images with strong encryption are subject to United States government export controls and have limited distribution. Check license availability before installing an encryption technology. This course uses the less powerful DES rather than 3DES because DES is subject to less restrictive export controls.

Rivest, Shamir, and Adleman (RSA) is the public-key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA signatures provide nonrepudiation, while RSA-encrypted nonces (randomly generated values) provide repudiation. Several technologies provide authentication, including Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA).
