Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)

IPsec concepts
Encryption algorithms
An encryption algorithm is used to encrypt messages used in the IKE negotiation. Table 18 lists the
available encryption algorithms. A brief description is provided. If you need further information,
please refer to the RFC.
Hash algorithms
Hash message authentication codes (HMAC) check data integrity through a mathematical
calculation on a message using a hash algorithm combined with a shared, secret key. Table 19 lists
the available hash algorithms. The sending computer uses the hash function and shared key
to compute a checksum or code for the message, and sends it to the receiving computer. The
receiving computer must perform the same hash function on the received message and shared key
and compare the result. If the hash values are different, it indicates that a third party may have
tampered with the message in transit, and the packet is rejected.
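The sender/receiver exchange described above, as an added example that is not part of the guide: the sender computes an HMAC over the message with the shared key using one of the Table 19 options (hmac_md5 or hmac_sha1), and the receiver recomputes it and compares in constant time, rejecting a message that was altered in transit or authenticated with a different key. The shared key and the IKE-style message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the guide): a pre-shared key and an IKE-style payload.
SHARED_KEY = b"example-preshared-key"
SAMPLE_MESSAGE = b"IKE_SA_INIT: proposal aes128_cbc/hmac_sha1"

# Map the guide's hash algorithm names to the underlying hash functions.
HASH_FUNCTIONS = {
    "hmac_md5": hashlib.md5,    # 128-bit output
    "hmac_sha1": hashlib.sha1,  # 160-bit output
}


def compute_mac(message: bytes, key: bytes, algorithm: str) -> bytes:
    """Sender side: HMAC over the message using the shared secret key."""
    return hmac.new(key, message, HASH_FUNCTIONS[algorithm]).digest()


def verify_mac(message: bytes, key: bytes, algorithm: str, received_mac: bytes) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time.

    A False result means the packet must be rejected: either the message was
    tampered with in transit or the two sides do not share the same key.
    """
    expected = compute_mac(message, key, algorithm)
    return hmac.compare_digest(expected, received_mac)


def demo() -> dict:
    """Run the exchange for both hash options and report what the receiver accepts."""
    results = {}
    tampered = SAMPLE_MESSAGE.replace(b"aes128_cbc", b"null_enc")  # modified in transit
    for algorithm in HASH_FUNCTIONS:
        mac = compute_mac(SAMPLE_MESSAGE, SHARED_KEY, algorithm)
        results[algorithm] = {
            "digest_bits": len(mac) * 8,
            "accept_original": verify_mac(SAMPLE_MESSAGE, SHARED_KEY, algorithm, mac),
            "accept_tampered": verify_mac(tampered, SHARED_KEY, algorithm, mac),
            "accept_wrong_key": verify_mac(SAMPLE_MESSAGE, b"other-key", algorithm, mac),
        }
    return results


if __name__ == "__main__":
    for algorithm, outcome in demo().items():
        print(algorithm, outcome)
```

The digest sizes reported by demo() match Table 19 (128 bits for MD5, 160 bits for SHA1). hmac.compare_digest is used instead of == so that the comparison time does not depend on how many leading bytes match.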
Pseudo-Random Function algorithm
The Pseudo-Random Function (PRF) algorithm generates output that appears to be random data,
using the HMAC chosen as the hash algorithm as the seed value. PRF is used to strengthen
security.
Public key certificate-based authentication
Industry standard X.500 database servers are available as certificate authority servers to enable
certificate-based authentication of computers.
SA lifetime
The SA lifetime may be defined as the number of bytes transmitted before the SA is rekeyed, or as
a time value in seconds, or both. When both are used, the SA lifetime is determined by the
threshold that is first reached. Whenever an SA lifetime expires, the security association (SA) is
renegotiated and the key is refreshed or regenerated.
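The lifetime rule above, as an added example that is not part of the guide: an SA may carry a byte threshold, a time threshold, or both, and with both set the rekey is triggered by whichever is reached first. The class, its method names and the traffic figures are constructed for illustration; the clock is injected so the behaviour can be checked without waiting.

```python
import time
from typing import Callable, Optional


class SaLifetime:
    """Rekey policy for one security association (illustrative, not Fabric OS code).

    byte_limit: bytes transmitted before the SA is rekeyed (None = not used).
    second_limit: seconds the SA may live before rekey (None = not used).
    At least one threshold must be set; with both set, the first one reached wins.
    """

    def __init__(self, byte_limit: Optional[int] = None, second_limit: Optional[float] = None,
                 now: Callable[[], float] = time.monotonic):
        if byte_limit is None and second_limit is None:
            raise ValueError("an SA lifetime needs a byte threshold, a time threshold, or both")
        self.byte_limit = byte_limit
        self.second_limit = second_limit
        self._now = now
        self.bytes_sent = 0
        self.started = now()

    def record_traffic(self, nbytes: int) -> None:
        """Account for bytes protected under the current SA."""
        self.bytes_sent += nbytes

    def expired_by(self) -> Optional[str]:
        """Return 'bytes' or 'seconds' for the threshold that expired, or None if still valid."""
        if self.byte_limit is not None and self.bytes_sent >= self.byte_limit:
            return "bytes"
        if self.second_limit is not None and self._now() - self.started >= self.second_limit:
            return "seconds"
        return None

    def rekey(self) -> None:
        """After renegotiation the new SA starts with fresh counters."""
        self.bytes_sent = 0
        self.started = self._now()


def demo() -> list:
    """Walk one SA through a byte-triggered and then a time-triggered rekey."""
    clock = [0.0]  # constructed fake clock, advanced by hand
    sa = SaLifetime(byte_limit=1_000_000, second_limit=3600, now=lambda: clock[0])
    events = []

    sa.record_traffic(600_000)
    clock[0] = 1800
    events.append(sa.expired_by())  # neither threshold reached yet

    sa.record_traffic(400_000)
    events.append(sa.expired_by())  # 1,000,000 bytes reached at 30 min, before the 1 h limit
    sa.rekey()

    clock[0] = 1800 + 3600
    events.append(sa.expired_by())  # little traffic, but the 1 h limit of the new SA is reached
    return events


if __name__ == "__main__":
    print(demo())
```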
TABLE 18 Encryption algorithm options

| Encryption algorithm | Description | RFC number |
|---|---|---|
| 3des_cbc | 3DES processes each block three times, using a unique 56-bit key each time. | RFC 2451 |
| null_enc | No encryption is performed. | |
| aes128_cbc | Advanced Encryption Standard (AES) 128 bit block cipher. | RFC 4869 |
| aes256_cbc | Advanced Encryption Standard (AES) 256 bit block cipher. | RFC 4869 |
TABLE 19 Hash algorithm options

| Hash algorithm | Description | RFC/Publication number |
|---|---|---|
| aes_xcbc | Uses a cipher block and extended cipher block chaining (CBC). | RFC 3566 |
| hmac_md5 | The MD5 computation produces a 128-bit hash. | RFC 1321 |
| hmac_sha1 | The SHA1 computation produces a 160-bit hash. | FIPS Pub 180-1 |