Hash And Encryption Algorithms - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Virtual Private Networks
Overview
IPSec tunnel mode, which acts at the Network Layer (Layer 3), allows a
gateway device (such as a router) to provide IPSec support for many hosts.
The router receives a packet already encapsulated with an IP header. It then
encapsulates the IP packet with an IPSec header, adding a new IP header to
direct the packet to the location where it will be processed. (See Figure 8-1.)
The ProCurve Secure Router supports IPSec tunnel mode.

An AH header authenticates both the payload and the new IP header. An ESP
header only authenticates the payload, but can also encrypt it. The tools AH
and ESP use to secure data sent over the VPN tunnel are hash and encryption
algorithms.

Hash and Encryption Algorithms

To understand how algorithms secure data, you must understand the difference
between a key and an algorithm. A key is a unique string of text; it is what
the router actually combines with data in order to transform the data. An
algorithm is a set method for transforming data; it specifies a series of
permutations and functions performed on data using the unique key.

Both AH and ESP use hash algorithms to authenticate data. A hash algorithm
uses a unique authentication key to condense data into a distinctive message
digest. The host then appends the message digest to the data. When the remote
host receives the complete packet, it uses the same authentication key and
algorithm to check the message digest against the data. If the
two match, then the host knows both that:
• the data was sent by the host claimed as the source (because only this
  host also knows the unique authentication key)
• the data has not been tampered with en route

An encryption algorithm uses a unique key to transform data into a form
readable only by a host using the same key.

AH and ESP support the following hash algorithms:
• Message Digest 5 (MD5)
• Secure Hash Algorithm (SHA)

ESP also supports the following encryption algorithms:
• Data Encryption Standard (DES)
• Triple DES (3DES)
• Advanced Encryption Standard (AES), with 128, 192, or 256 bit keys
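
The following is an added example, not taken from the HP manual: a simplified Python model of the keyed-hash check described above, in which the receiver recomputes the digest with the shared authentication key and compares it to the one appended to the packet. It also contrasts what AH and ESP authenticate. The field layout, function names, addresses and key are constructed for illustration; HMAC truncated to 96 bits is the keyed construction IPSec uses with MD5 and SHA-1, and real AH skips mutable IP header fields while real ESP also covers its own header.

```python
import hmac

ICV_LEN = 12  # IPSec truncates HMAC-MD5 / HMAC-SHA-1 output to 96 bits


def icv(key: bytes, covered: bytes, algorithm: str = "sha1") -> bytes:
    """Keyed message digest over the bytes the header protects."""
    return hmac.new(key, covered, algorithm).digest()[:ICV_LEN]


def covered_bytes(outer_ip: bytes, payload: bytes, mode: str) -> bytes:
    """Simplified coverage: AH = new IP header + payload, ESP = payload only."""
    return outer_ip + payload if mode == "ah" else payload


def protect(key, outer_ip, payload, mode, algorithm="sha1"):
    """Sender: compute the digest and append it to the packet."""
    tag = icv(key, covered_bytes(outer_ip, payload, mode), algorithm)
    return outer_ip, payload, tag


def verify(key, outer_ip, payload, received_icv, mode, algorithm="sha1"):
    """Receiver: recompute the digest with the shared key, compare in constant time."""
    expected = icv(key, covered_bytes(outer_ip, payload, mode), algorithm)
    return hmac.compare_digest(expected, received_icv)


def demo():
    # Constructed sample values (documentation address ranges, made-up key).
    key = b"constructed-shared-auth-key"
    outer = b"src=192.0.2.1;dst=198.51.100.7"
    payload = b"inner IP packet bytes"
    spoofed = outer.replace(b"192.0.2.1", b"203.0.113.9")
    results = {}
    for mode in ("ah", "esp"):
        o, p, tag = protect(key, outer, payload, mode)
        results[mode] = {
            "intact": verify(key, o, p, tag, mode),
            "payload_changed": verify(key, o, p + b"!", tag, mode),
            "outer_ip_changed": verify(key, spoofed, p, tag, mode),
            "wrong_key": verify(b"some-other-key", o, p, tag, mode),
        }
    return results


if __name__ == "__main__":
    for mode, checks in demo().items():
        print(mode, checks)
```

In this model a changed outer IP header fails verification under AH but passes under ESP, which matches the coverage difference the text describes; a changed payload or a wrong key fails under both.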


This manual is also suitable for:

ProCurve Secure Router 7102 dl
