Configure Virtual Private Networking (VPN) About Internet Protocol Security (IPSec)
Digi TransPort WR Routers User Guide 403
Data Encryption Methods in IPSec
There are several different algorithms available for securing data whilst in transit over IP links. Each encryption technique has its own strengths and weaknesses, and the choice is really a personal selection made with regard to the sensitivity of the data you are trying to protect. Some general statements may be made about their relative merits, but users should satisfy themselves as to suitability for any particular purpose.
DES (64-bit key)
The banking and financial world tends to use this well-known and established algorithm. It is relatively processor-intensive; to run efficiently at high data rates, a powerful processor is required. It is generally considered very difficult for casual hackers to attack, but may be susceptible to determined attack by well-equipped and knowledgeable parties.
3-DES (192-bit key)
Again, this is a well-established and accepted algorithm, but as it involves encrypting the data three times using DES with a different key each time, it has a very high processor overhead. This also renders it almost impossible for casual hackers to attack and very difficult to break in any meaningful time frame, even for well-equipped and knowledgeable parties.
AES (128-bit key)
Also known as Rijndael encryption, AES is a standard adopted by many USA and European organizations for sensitive applications. It has a relatively low processor overhead compared to DES, and it is therefore possible to encrypt at higher data rates. As with 3-DES, it is almost impossible for casual hackers to attack and very difficult to break in any meaningful time frame, even for well-equipped and knowledgeable parties.
To put these into perspective, common encryption programs that are considered “secure” (such as PGP) and on-line credit authorization services (such as Web-based credit card ordering) generally use 128-bit encryption.
Note: Data rates are the maximum that could be achieved, but may be lower if other applications are running at the same time or if small IP packet sizes are used.
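To show the processor-overhead difference described above in practice, here is an added benchmark (not Digi's code and not taken from the TransPort firmware) that encrypts the same payload with DES, 3-DES and AES-128 in CBC mode using Go's standard library; the fixed placeholder key and the zero-filled payload are constructed, and the absolute rates depend on the host CPU, especially on AES hardware acceleration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
	"time"
)

// KeyBits holds the nominal key sizes exactly as the guide lists them.
var KeyBits = map[string]int{"DES": 64, "3-DES": 192, "AES": 128}

// newBlock keys one of the three ciphers with a constructed placeholder key
// (byte i = i) of the nominal size above; any other name fails on key length.
func newBlock(name string) (cipher.Block, error) {
	key := make([]byte, KeyBits[name]/8)
	for i := range key {
		key[i] = byte(i)
	}
	switch name {
	case "DES":
		return des.NewCipher(key)
	case "3-DES":
		return des.NewTripleDESCipher(key)
	default:
		return aes.NewCipher(key)
	}
}

// CBCThroughput encrypts payload once in CBC mode with a zero IV (fine for a benchmark,
// never for live traffic) and returns MB/s; len(payload) must be a multiple of 8 and 16.
func CBCThroughput(name string, payload []byte) (float64, error) {
	b, err := newBlock(name)
	if err != nil {
		return 0, err
	}
	out := make([]byte, len(payload))
	start := time.Now()
	cipher.NewCBCEncrypter(b, make([]byte, b.BlockSize())).CryptBlocks(out, payload)
	return float64(len(payload)) / time.Since(start).Seconds() / 1e6, nil
}

func main() {
	payload := make([]byte, 16<<20) // 16 MiB of zeros: a multiple of both block sizes
	for _, n := range []string{"DES", "3-DES", "AES"} {
		mbps, _ := CBCThroughput(n, payload) // the three names above always key correctly
		fmt.Printf("%-6s %3d-bit key  %8.1f MB/s\n", n, KeyBits[n], mbps)
	}
}
```

Only the ratio between the three rates carries over to other hardware; a router CPU without AES instructions will show a smaller AES advantage than a desktop with them.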