Encryption key length, Encryption key guidelines, Ssl and enhanced stacking – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide
Section IV: Security
Encryption Key Length
To create a key pair, you must specify its length. The length is given in
bits. The range is 512 to 1,536 bits, in increments of 256 bits. The default
is 512 bits.
The general rule on key lengths is that the longer the key, the more
difficult it is for someone to break (decipher). So if you are particularly
concerned about the safety of your management sessions, use a longer
key length than the default, although the default will be more than
sufficient.
Creating a key is a very CPU-intensive operation for the switch. The
switch does not stop forwarding packets between the ports, but the
process can impact the CPU’s handling of network events, such as the
processing of spanning tree BPDU packets. This can result in unexpected
and unwanted switch behavior.
A key with the default length should take the switch less than a minute
to create. Longer keys can take up to 15 minutes. Consider this
information when you create a key so that you do not impact the
operations of your network. If you want a longer key, consider creating it
before you connect the switch to the network, or during periods of low
network traffic.
Encryption Key Guidelines
Below are guidelines to observe when creating an encryption key pair:
❑ Web browser encryption requires only one key pair.
❑ SSH encryption requires two key pairs. The two keys must differ in
length by at least one increment (256 bits). The
recommended size for the server key is 768 bits and the
recommended size for the host key is 1024 bits.
❑ An AT-9400 Series switch can only use those key pairs it has
generated itself. The switch cannot use a key created on another
system and imported onto the switch.
❑ The AT-S63 management software does not allow you to copy or
export a private key from a switch. However, you can export a
public key.
❑ The AT-S63 management software uses the RSA public key
algorithm.
❑ Web browser and SSH encryption can share a key pair.
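The length and pairing rules above can be checked before any key is generated on a switch. The following is an added example, not part of the Allied Telesis manual or the AT-S63 software; the function names, the plan layout and the numeric key IDs are hypothetical, and only the numeric limits come from this page.

```python
MIN_BITS, MAX_BITS, STEP, DEFAULT_BITS = 512, 1536, 256, 512  # values from the manual

def valid_length(bits):
    """True when bits is a length the manual allows (512, 768, ..., 1536)."""
    return MIN_BITS <= bits <= MAX_BITS and (bits - MIN_BITS) % STEP == 0

def lint_plan(keys, https=None, ssh_host=None, ssh_server=None):
    """Check a planned key layout for one switch (hypothetical plan format).

    keys maps a key ID to its length in bits; https, ssh_host and ssh_server
    name the key ID each service will use (None = service not planned).
    Returns a list of (severity, message) tuples; empty means no findings.
    """
    findings = []
    for key_id, bits in sorted(keys.items()):
        if not valid_length(bits):
            findings.append(("error", f"key {key_id}: {bits} bits is outside "
                             f"{MIN_BITS}-{MAX_BITS} in steps of {STEP}"))
        elif bits > DEFAULT_BITS:
            # The manual warns that longer keys can take up to 15 minutes to create.
            findings.append(("note", f"key {key_id}: {bits} bits, create before "
                             "connecting the switch or during low traffic"))
    roles = (("https", https), ("ssh_host", ssh_host), ("ssh_server", ssh_server))
    for role, key_id in roles:
        if key_id is not None and key_id not in keys:
            findings.append(("error", f"{role} refers to undefined key {key_id}"))
    if (ssh_host is None) != (ssh_server is None):
        findings.append(("error", "SSH needs two key pairs: host and server"))
    elif ssh_host is not None and ssh_host in keys and ssh_server in keys:
        if ssh_host == ssh_server:
            findings.append(("error", "SSH host and server must be different key pairs"))
        elif abs(keys[ssh_host] - keys[ssh_server]) < STEP:
            findings.append(("error", "SSH host and server key lengths must "
                             f"differ by at least {STEP} bits"))
    return findings

if __name__ == "__main__":
    # Constructed plan: key IDs are arbitrary; sizes follow the manual's
    # recommendation, and HTTPS shares the SSH host key pair.
    plan = {1: 1024, 2: 768}
    for severity, message in lint_plan(plan, https=1, ssh_host=1, ssh_server=2):
        print(f"{severity}: {message}")
```
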
SSL and Enhanced Stacking
Secure Sockets Layer (SSL) is supported in an enhanced stack, but only
when all switches in the stack are using the feature.
When a switch’s web server is operating in HTTP, management packets
are transmitted in plaintext. When it operates in HTTPS, management