Encryption key length, Encryption key guidelines – Allied Telesis AT-S62 User Manual

AT-S62 Management Software Menus Interface User’s Guide

Section VII: Management Security

Encryption Key Length

To create a key pair, you must specify its length. The length is given in
bits. The range is 512 to 1,536 bits, in increments of 256 bits. The default
is 512 bits.

The general rule on key lengths is that the longer the key, the more difficult
it is for someone to break (decipher). If you are particularly concerned
about the safety of your management sessions, you might go with a longer
key length than the default, though in all likelihood the default will be more
than sufficient.

Creating a key is a very CPU-intensive operation for a switch. The switch
does not stop forwarding packets between the ports, but the process can
impact the CPU’s handling of network events, such as the processing of
spanning tree BPDU packets. This can result in unexpected and unwanted
switch behavior.

A key with the default length should take the switch less than a minute to
create, while longer keys can take upwards of fifteen minutes. You should
take this into account when creating a key so as not to impact the
operations of your network. If you want a longer key, you might consider
creating it before you connect the switch to the network, or during periods
of low network traffic.

Encryption Key Guidelines

Below are guidelines to observe when creating an encryption key pair:

- Web browser encryption requires only one key pair.

- SSH encryption requires two key pairs. The two keys must differ in
  length by at least one increment (256 bits). The recommended size for
  the server key is 768 bits and the recommended size for the host key
  is 1024 bits.

- An AT-8500 Series switch can only use those key pairs it has
  generated itself. The switch cannot use a key created on another
  system and imported onto the switch.

- The AT-S62 management software does not allow you to copy or
  export a private key from a switch. However, you can export a public
  key.

- The AT-S62 management software uses the RSA public key algorithm.

- Web browser and SSH encryption can share a key pair.
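
The length and pairing rules above can be checked before any key is generated, which matters because a long key can occupy the switch CPU for many minutes. The following Python sketch is an added example, not part of the Allied Telesis manual or the AT-S62 software; the key IDs, the role names and the `check_plan` function are assumptions made for illustration.

```python
# Added example: validate a planned key-pair layout against the guidelines above.
# Key IDs and role names ("web", "ssh_server", "ssh_host") are hypothetical.
MIN_BITS, MAX_BITS, STEP = 512, 1536, 256   # range and increment from the guide
RECOMMENDED_SSH = (768, 1024)               # (server key, host key) from the guide


def valid_length(bits):
    """True if bits is 512..1536 in increments of 256."""
    return MIN_BITS <= bits <= MAX_BITS and (bits - MIN_BITS) % STEP == 0


def check_plan(keys, roles):
    """keys: {key_id: bits}; roles: {role: key_id}. Returns [(severity, message)]."""
    findings = []
    for key_id, bits in sorted(keys.items()):
        if not valid_length(bits):
            findings.append(("error", f"key {key_id}: {bits} bits is not in 512..1536 step 256"))
    for role, key_id in sorted(roles.items()):
        if key_id not in keys:
            findings.append(("error", f"{role}: key {key_id} is not in the plan"))
    ssh = [roles.get("ssh_server"), roles.get("ssh_host")]
    if any(k is not None for k in ssh):
        if None in ssh:
            findings.append(("error", "SSH requires two key pairs (server and host)"))
        elif all(k in keys for k in ssh):
            server_bits, host_bits = keys[ssh[0]], keys[ssh[1]]
            if abs(server_bits - host_bits) < STEP:
                findings.append(("error", "SSH server and host keys must differ by at least 256 bits"))
            elif (server_bits, host_bits) != RECOMMENDED_SSH:
                findings.append(("note", "SSH lengths differ from the recommended 768 (server) / 1024 (host)"))
    return findings


if __name__ == "__main__":
    # Constructed plan: the web server shares key 2 with the SSH host key, which is allowed.
    keys = {1: 768, 2: 1024}
    roles = {"web": 2, "ssh_server": 1, "ssh_host": 2}
    print(check_plan(keys, roles) or "plan follows the guidelines")
    # Constructed bad plan: one key pair used for both SSH roles.
    print(check_plan({1: 1024}, {"ssh_server": 1, "ssh_host": 1}))
```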