Nortel 4134 Guia Do Utilizador
76
SSH2 fundamentals
SSH ciphers
Ciphers are methods for encrypting and decrypting data. There are two
classes of key-based encryption algorithms, symmetric (or secret-key) and
asymmetric (or public-key) algorithms. While symmetric algorithms use the
same key for encryption and decryption, the asymmetric algorithms use
different keys for encryption and decryption (a private and public key pair).
Here the decryption key cannot be derived from the encryption key. The list
of symmetric algorithms supported for SR4134 are as follows:
classes of key-based encryption algorithms, symmetric (or secret-key) and
asymmetric (or public-key) algorithms. While symmetric algorithms use the
same key for encryption and decryption, the asymmetric algorithms use
different keys for encryption and decryption (a private and public key pair).
Here the decryption key cannot be derived from the encryption key. The list
of symmetric algorithms supported for SR4134 are as follows:
Table 6
SSH ciphers
SSH ciphers
Name
Description
3des-cbc
3 key DES in CBC mode
blowfish-cbc
Blowfish in CBC mode
aes128-cbc
AES, CBC mode, 128-bit key
aes192-cbc
AES, CBC mode, 192-bit key
aes256-cbc
AES, CBC mode, 256-bit key
SSH MAC algorithms
The Message Authentication Code algorithms are usually hash functions
which compress the bits of a message to a fixed-size hash value in a way
that distributes the possible messages evenly among the possible hash
values. A cryptographic hash function does this in a way that makes it
extremely difficult to come up with a message that would hash to a particular
hash value. The MAC algorithms supported for SR4134 are as follows:
which compress the bits of a message to a fixed-size hash value in a way
that distributes the possible messages evenly among the possible hash
values. A cryptographic hash function does this in a way that makes it
extremely difficult to come up with a message that would hash to a particular
hash value. The MAC algorithms supported for SR4134 are as follows:
Table 7
SSH MAC algorithms
SSH MAC algorithms
Name
Description
hmac-sha1
HMAC-SHA1 (digest length = key length = 20)
hmac-sha1-96
first 96 bits of HMAC-SHA1 (digest length = 12, key length =
20)
20)
hmac-md5
HMAC-MD5 (digest length = key length = 16)
hmac-md5-96
first 96 bits of HMAC-MD5 (digest length = 12, key length =
16)
16)
SSH compression
SSH uses GNU ZLIB (LZ77) for compression. The ZLIB compression
is described in RFC 1950 and in RFC 1951. By default, compression is
enabled.
is described in RFC 1950 and in RFC 1951. By default, compression is
enabled.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.