D-Link DFL-2500 User Guide - Page 215
Symmetric Encryption
196 Chapter 20. VPN Basics

In symmetric encryption, the same key is used for both encryption and decryption. The key is therefore shared by the sender and the recipients, and must be kept secret. Using the same secret key makes the computation faster and simpler, but distributing the key among users in the first place is a major problem; it must be carried out very carefully to prevent the key from falling into the wrong hands.

To secure the sharing of the secret key, session keys or public keys are often involved in the actual operation. A session key, as its name suggests, is only valid for one session. Even if the key for one session is compromised, it cannot be used to decrypt future sessions. Another solution is the use of public keys, handled by asymmetric encryption, presented next.

Currently, commonly used symmetric encryption algorithms include:

• DES and Triple DES - DES uses a 56-bit key and is considered equal in strength to most other algorithms that use 40-bit keys. Its relatively short key length by modern standards means that it is now considered vulnerable to brute force attacks. Triple-pass DES uses three different keys in three DES passes, forming a theoretical key length of 168 bits.
• Blowfish - A 64-bit block cipher with a key length variable between 32 and 448 bits.
• Twofish - A 128-bit block cipher with a key length of 128, 192, or 256 bits.
• CAST-128 - A 64-bit block cipher with a 128-bit key, less frequently employed than Blowfish.
• AES - A 128-bit block size with key lengths of 128-256 bits, a sound alternative to the ageing DES.

D-Link firewall's VPN implementation supports all the above algorithms.

D-Link Firewalls User's Guide
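The session-key property described above, as an added example that is not part of the D-Link guide or the firewall's own code: each session gets its own key, so a key taken from one session cannot decrypt another. Assumptions: session keys are derived from a long-term shared secret with HKDF (RFC 5869), and an HMAC-SHA256 keystream stands in for the ciphers listed above so the block runs on the Python standard library alone; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(secret: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def new_session_key(long_term_secret: bytes, session_nonce: bytes) -> bytes:
    """Derive a 64-byte session key: 32 bytes for encryption, 32 for the MAC."""
    return hkdf_sha256(long_term_secret, session_nonce, b"session-key-demo")

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not a listed algorithm.
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = session_key[:32], session_key[32:]
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(session_key: bytes, message: bytes) -> bytes:
    # The same key that encrypted the message is required to decrypt it.
    enc_key, mac_key = session_key[:32], session_key[32:]
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo() -> tuple:
    shared = b"constructed-pre-shared-secret"  # constructed sample value
    k1 = new_session_key(shared, secrets.token_bytes(16))  # session 1 key
    k2 = new_session_key(shared, secrets.token_bytes(16))  # session 2 key
    m2 = encrypt(k2, b"session 2 traffic")
    try:
        decrypt(k1, m2)  # session 1's key applied to session 2's traffic
        leaked = True
    except ValueError:
        leaked = False
    return decrypt(k2, m2), leaked
```

With this derivation, a stolen session key exposes only its own session, but a stolen long-term secret exposes every session key derived from it, so the long-term secret needs stricter handling than any session key.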