Triple DES Encryption Algorithms – Allied Telesis AT-S63 User Manual


AT-S63 Management Software Menus Interface User’s Guide

Section IV: Security

Plaintext is divided into 64-bit blocks which are encrypted with
the DES algorithm and key. For a given input block of plaintext,
ECB always produces the same block of ciphertext.

Cipher Block Chaining (CBC) is the most popular form of DES
encryption. CBC also operates on 64-bit blocks of data, but
includes a feedback step which chains consecutive blocks so that
repetitive plaintext data, such as ASCII blanks, does not yield
identical ciphertext. CBC also introduces a dependency between
data blocks which protects against fraudulent data insertion and
replay attacks. The feedback for the first block of data is provided
by a 64-bit Initialization Vector (IV). This is the DES mode used for
the switch’s data encryption process.

Cipher FeedBack (CFB) is an additive-stream-cipher method
which uses DES to generate a pseudo-random binary stream that
is combined with the plaintext to produce the ciphertext. The
ciphertext is then fed back to form a portion of the next DES input
block.

Output FeedBack (OFB) combines the first IV DES algorithms
with the plaintext to form ciphertext. The ciphertext is then used
as the next IV.

The DES algorithm has been optimized to produce very high speed
hardware implementations, making it ideal for networks where high
throughput and low latency are essential.

Triple DES Encryption Algorithms

The Triple DES (3DES) encryption algorithm is a simple variant on the
DES CBC algorithm. The DES function is replaced by three rounds of that
function, an encryption followed by a decryption followed by an
encryption. This can be done by using either two DES keys (112-bit key)
or three DES keys (168-bit key).

The two-key algorithm encrypts the data with the first key, decrypts it
with the second key and then encrypts the data again with the first key.
The three-key algorithm uses a different key for each step. The three-key
algorithm is the most secure algorithm due to the long key length.

There are several modes in which Triple DES encryption can be
performed. The two most common modes are:

Inner CBC mode encrypts the entire packet in CBC mode three
times and requires three different initialization vectors (IVs).

Outer CBC mode triple encrypts each 8-byte block of a packet in
CBC mode three times and requires one IV.
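
The sketch below is an added example, not code from the AT-S63 manual or the switch firmware. It shows how the encrypt-decrypt-encrypt key order and the two CBC arrangements described above fit together. It assumes a toy 4-round Feistel cipher built on SHA-256 as a stand-in for DES (only the 64-bit block size is shared with DES), and it assumes the middle pass of inner CBC is a CBC decryption, following the encrypt-decrypt-encrypt order. All function names are hypothetical.

```python
import hashlib
BLOCK = 8  # bytes: DES and 3DES operate on 64-bit blocks

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, rnd):  # toy round function: a stand-in, NOT real DES
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):  # toy 4-round Feistel cipher on one 8-byte block
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r
def dec_block(key, blk):  # inverse of enc_block
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def ede_enc(keys, blk):  # encrypt, decrypt, encrypt; two-key form is (k1, k2, k1)
    return enc_block(keys[2], dec_block(keys[1], enc_block(keys[0], blk)))
def ede_dec(keys, blk):
    return dec_block(keys[0], enc_block(keys[1], dec_block(keys[2], blk)))

def cbc_enc(fn, iv, data):  # len(data) must be a multiple of BLOCK (no padding)
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = fn(_xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_dec(fn, iv, data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(_xor(fn(c), p) for c, p in zip(blocks, [iv] + blocks))

def outer_enc(keys, iv, data):  # one CBC chain around the EDE block function
    return cbc_enc(lambda b: ede_enc(keys, b), iv, data)
def outer_dec(keys, iv, data):
    return cbc_dec(lambda b: ede_dec(keys, b), iv, data)

def inner_enc(keys, ivs, data):  # three whole-packet CBC passes, one IV per pass
    s = cbc_enc(lambda b: enc_block(keys[0], b), ivs[0], data)
    s = cbc_dec(lambda b: dec_block(keys[1], b), ivs[1], s)
    return cbc_enc(lambda b: enc_block(keys[2], b), ivs[2], s)

def inner_dec(keys, ivs, data):
    s = cbc_dec(lambda b: dec_block(keys[2], b), ivs[2], data)
    s = cbc_enc(lambda b: enc_block(keys[1], b), ivs[1], s)
    return cbc_dec(lambda b: dec_block(keys[0], b), ivs[0], s)
```

Calling ede_enc directly on two identical blocks returns identical output, which is the ECB behaviour described earlier; with outer_enc, repeated plaintext blocks such as runs of ASCII blanks produce different ciphertext blocks.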