Crypto, Integrity, Group – Nortel Networks 608(WL) User Manual

Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

84

Crypto

The table below shows the encryption algorithms supported by the SpeedTouch™
along with their corresponding key size:

DES is relatively slow and is the weakest of the algorithms, but it is the
industry standard.

3DES is a stronger version of DES, but is the slowest of the supported
algorithms (for a comparable key length).

AES is the new encryption standard selected by the American government to
replace DES/3DES. It is recommended to use AES since it is the most
advanced of the supported encryption methods.

Integrity

The SpeedTouch™ supports two types of hashing algorithms:

HMAC is always used as integrity algorithm, combined with either MD5 or
SHA1.

SHA1 is stronger than MD5, but slightly slower.

Group

The table below shows the supported Diffie-Hellman groups:

Lifetime-secs

The lifetime of a Security Association is specified in seconds:

Algorithm

Valid key lengths (bits)

DES

56

3DES

168

AES

128, 192, 256

Hashing algorithm

MD5

SHA1

Diffie-Hellman group
number

number of bits

Keyword

1

768

MODP768

2

1024

MODP1024

5

1536

MODP1536

Lifetime measured in:

Minimum value

Maximum value

seconds

240 (=4 minutes)

31536000 (=1 year)