Nortel Networks 608(WL) Manual De Usuario
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
112
Cryptographic function
[crypto]
The table below shows the encryption algorithms supported by the SpeedTouch™
along with their corresponding key size:
along with their corresponding key size:
DES is relatively slow and is the weakest of the algorithms, but it is the
industry standard.
industry standard.
3DES is a stronger version of DES, but is the slowest of the supported
algorithms (for a comparable key length).
algorithms (for a comparable key length).
AES is the new encryption standard selected by the American government to
replace DES/3DES. It is recommended to use AES since it is the most
advanced of the supported encryption methods.
replace DES/3DES. It is recommended to use AES since it is the most
advanced of the supported encryption methods.
Key length [keylen]
The SpeedTouch™ supports 3 different key lengths for the AES encryption
algorithm. The
algorithm. The
keylen
parameter assigns the key length for this algorithm. Three
values are valid, as specified in the table above.
Authentication Hashing
function [integrity]
The SpeedTouch™ supports two types of hashing algorithms:
HMAC is always used as integrity algorithm, combined with either MD5 or
SHA1.
SHA1.
SHA1 is stronger than MD5, but slightly slower.
Diffie-Hellman group
[group]
The table below shows the supported Diffie-Hellman groups:
Algorithm
Valid key sizes
(bits)
(bits)
Popular sizes
Default size
DES
56
56
56
3DES
168
168
168
AES
128, 192, 256
128, 192, 256
-
The DES and 3DES algorithms have a fixed key length. For these algorithms
the [keylen] parameter is not shown in the CLI.
the [keylen] parameter is not shown in the CLI.
Hashing algorithm
MD5
SHA1
Diffie-Hellman group
number
number
number of bits
Keyword
1
768
MODP768
2
1024
MODP1024
5
1536
MODP1536