Asymmetrical (public key) encryption – Allied Telesis AT-S60 User Manual
Page 487

AT-S60 Management Software User’s Guide
Section V: Security Features
by a 64-bit Initialization Vector (IV). This is the DES mode used for
the switch’s data encryption process.
❑ Cipher FeedBack (CFB) is an additive-stream-cipher method
which uses DES to generate a pseudo-random binary stream that
is combined with the plaintext to produce the ciphertext. The
ciphertext is then fed back to form a portion of the next DES input
block.
❑ Output FeedBack (OFB) combines the first IV with the plaintext
to form ciphertext. The ciphertext is then used as the next IV.
The DES algorithm has been optimized to produce very high speed
hardware implementations, making it ideal for networks where high
throughput and low latency are essential.
Triple DES Encryption Algorithms
The Triple DES (3DES) encryption algorithm is a simple variant on the
DES CBC algorithm. The DES function is replaced by three rounds of that
function, an encryption followed by a decryption followed by an
encryption. This can be done by using either two DES keys (112-bit key)
or three DES keys (168-bit key).
The two-key algorithm encrypts the data with the first key, decrypts it
with the second key and then encrypts the data again with the first key.
The three-key algorithm uses a different key for each step. The three-key
algorithm is the most secure algorithm due to the long key length.
There are several modes in which Triple DES encryption can be
performed. The two most common modes are:
❑ Inner CBC mode encrypts the entire packet in CBC mode three
times and requires three different initialization vectors (IVs).
❑ Outer CBC mode triple encrypts each 8-byte block of a packet in
CBC mode three times and requires one IV.
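Worked example, added here and not taken from the AT-S60 manual or any Allied Telesis code: a Go program built on the standard library's crypto/des that assembles the EDE function from three single-DES calls (pass kc == ka for the two-key variant), then applies it as outer CBC with one IV and as inner CBC with three IVs, exactly as the two modes above describe them. The keys, IVs and the 16-byte packet are constructed sample values.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
)

// Constructed 8-byte DES keys, IVs and a two-block packet (not from the manual).
var K1, K2, K3 = []byte("key1key1"), []byte("key2key2"), []byte("key3key3")
var IV1, IV2, IV3 = []byte("iv-one!!"), []byte("iv-two!!"), []byte("iv-three")
var Packet = []byte("sixteen byte msg")

// mustDES builds a single-DES block cipher; des.NewCipher rejects any key that is not 8 bytes.
func mustDES(k []byte) cipher.Block {
	c, err := des.NewCipher(k)
	if err != nil {
		panic(err)
	}
	return c
}

// EDEBlock is the 3DES function on one 8-byte block: encrypt under ka, decrypt
// under kb, encrypt under kc. Two-key 3DES is the same call with kc == ka.
func EDEBlock(ka, kb, kc, in []byte) []byte {
	out := make([]byte, 8)
	mustDES(ka).Encrypt(out, in)
	mustDES(kb).Decrypt(out, out)
	mustDES(kc).Encrypt(out, out)
	return out
}

// OuterCBC chains the 8-byte blocks through the whole EDE function, using a single IV.
func OuterCBC(ka, kb, kc, iv, pt []byte) []byte {
	ct, prev := make([]byte, len(pt)), iv
	for i := 0; i < len(pt); i += 8 {
		x := make([]byte, 8)
		for j := range x {
			x[j] = prev[j] ^ pt[i+j] // CBC: XOR the previous ciphertext block into this one
		}
		copy(ct[i:], EDEBlock(ka, kb, kc, x))
		prev = ct[i : i+8]
	}
	return ct
}

// InnerCBC runs the entire packet through CBC three times (encrypt, decrypt, encrypt),
// each pass under its own key and its own IV.
func InnerCBC(ka, kb, kc, iva, ivb, ivc, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(mustDES(ka), iva).CryptBlocks(ct, pt)
	cipher.NewCBCDecrypter(mustDES(kb), ivb).CryptBlocks(ct, ct)
	cipher.NewCBCEncrypter(mustDES(kc), ivc).CryptBlocks(ct, ct)
	return ct
}
```

Outer CBC built this way matches Go's own des.NewTripleDESCipher (24-byte key ka||kb||kc) run in CBC mode, and with all three keys equal the EDE function collapses to single DES, which is why the key choice, not the construction, sets the strength.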
Asymmetrical (Public Key) Encryption
Asymmetrical encryption algorithms use two keys—one for encryption
and one for decryption. The encryption key is called the public key
because it cannot be used to decrypt a message and therefore does not
have to be kept secret. Only the decryption, or private key, needs to be
kept secret. The other name for this type of algorithm is public key
encryption. The public and private key pair cannot be randomly
assigned, but must be generated together. In a typical scenario, a
decryption station generates a key pair and then distributes the public
key to encrypting stations. This distribution does not need to be kept secret,
but it must be protected against the substitution of the public key by a
malicious third party. Another use for asymmetrical encryption is as a