D-Link DFL-1600 User Manual page 216

Network security firewall
Symmetric Encryption
In symmetric encryption, the same key is used for both encryption and
decryption. The key is therefore shared by the sender and the recipients,
and must be kept secret. Using the same secret key is a faster and simpler
computation method, but distributing the key among users in the first
place is a major problem. Distribution must be carried out very carefully
to prevent the key from falling into the wrong hands.
To secure the sharing of the secret key, session keys or public keys are
often used in practice.
A session key, as its name suggests, is valid for only one session. Even if
the key is compromised during a session, it cannot be used for future
decryption. Another solution is the use of public keys, handled by
asymmetric encryption, which is presented next.
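The following is an added illustration of the session-key idea described above; it is not part of the D-Link manual and does not show the firewall's implementation. It assumes each session's keys are derived from a pre-shared secret and fresh nonces with HKDF, uses an HMAC-based keystream as a stand-in for the ciphers listed below, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(secret, salt, info, length):
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_keys(psk, nonce_a, nonce_b):
    """Both peers run this on the shared secret and the nonces exchanged for this session."""
    okm = hkdf_sha256(psk, nonce_a + nonce_b, b"example session keys", 64)
    return okm[:32], okm[32:]  # (encryption key, integrity key)

def _keystream(key, iv, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not AES/3DES/Blowfish.
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(keys, plaintext):
    enc_key, mac_key = keys
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def decrypt(keys, message):
    enc_key, mac_key = keys  # the same keys that encrypted: symmetric
    iv, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))

def demo():
    psk = secrets.token_bytes(32)  # constructed long-term shared secret
    s1 = session_keys(psk, secrets.token_bytes(16), secrets.token_bytes(16))
    s2 = session_keys(psk, secrets.token_bytes(16), secrets.token_bytes(16))
    later = encrypt(s2, b"traffic sent in session 2")
    try:  # session 1's keys, even if leaked, must not open session 2 traffic
        decrypt(s1, later)
        return False
    except ValueError:
        return decrypt(s2, later) == b"traffic sent in session 2"
```

The protection shown covers a leaked session key only; in this construction anyone holding the long-term pre-shared secret and the nonces can recompute every session's keys.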
Currently, commonly used symmetric encryption algorithms include:
DES and Triple DES
– DES uses a 56-bit key and is considered equal in strength to most
other algorithms that use 40-bit keys. Its relatively short key length
by modern standards means that it is now considered vulnerable to
brute force attacks.
Triple-pass DES uses three different keys in three DES passes,
forming a theoretical key length of 168 bits.
Blowfish
– A 64-bit block cipher with key length variable between 32 and 448
bits.
Twofish
– A 128-bit block cipher with key length 128, 192, or 256 bits.
CAST-128
– A 64-bit block cipher with a 128-bit key, less frequently employed
than Blowfish.
AES
– A 128-bit block size with key lengths of 128-256 bits, a sound
alternative to the ageing DES.
The D-Link firewall's VPN implementation supports all of the above algorithms.
D-Link Firewalls User's Guide
Chapter 20. VPN Basics
