Nortel Networks 608(WL) Manuale Utente

Configuration via the Command Line Interface

E-DOC-CTC-20051017-0169 v0.1

Cryptographic function

[crypto]

The table below shows the cryptographic functions supported by the SpeedTouch™ 
along with their corresponding key size:

DES is relatively slow and is the weakest of the algorithms, but it is the 
industry standard.

3DES is a stronger version of DES, but is the slowest of the supported 
algorithms (for a comparable key length).

AES is the new encryption standard selected by the American government to 
replace DES/3DES. It is recommended to use AES since it is the most 
advanced of the supported encryption methods.

NULL encryption: The message is not encrypted. Selecting NULL encryption 
achieves authentication without encryption, being equivalent to the use of the 
Authentication Header (AH) that is no longer supported from Release 5.3 
onwards. 
In addition, NULL encryption may be useful for testing purposes since the 
messages on the communication link can be interpreted. Message 
authentication remains active.

Key length [keylen]

The SpeedTouch™  supports 3 different key lengths for the AES encryption 
algorithm. The 

 parameter assigns the key length for this algorithm. Three 

values are valid, as specified in the table above..

Authentication Hashing

function [integrity]

The SpeedTouch™ supports two types of hashing algorithms:

HMAC is always used as integrity algorithm, combined with either MD5 or 
SHA1.

SHA1 is stronger than MD5, but slightly slower.

Algorithm

Valid key sizes 
(bits)

Popular sizes

Default size

DES

56

56

56

3DES

168

168

168

AES

128, 192, 256

128, 192, 256

-

NULL

-

-

-

The DES and 3DES algorithms have a fixed key length. For these algorithms 
the [keylen] parameter is not shown in the CLI.

Hashing algorithm

MD5

SHA1