Encryption Key Length, Encryption Key Guidelines – Allied Telesis AT-S62 User Manual
Page 494
Chapter 26: Encryption Keys
Section VII: Management Security
SSH encryption requires two key pairs on the switch: a server key pair
and a host key pair. You then configure the Secure Shell protocol server
software on the switch, as explained in Chapter 28, Secure Shell (SSH)
Protocol on page 543, by specifying the keys as the host and server SSH
keys.
Encryption Key Length
To create a key pair, you must specify its length. The length is given in
bits. The range is 512 to 1,536 bits, in increments of 256 bits. The default
is 512 bits.
The general rule on key lengths is that the longer the key, the more
difficult it is for someone to break (decipher). If you are particularly
concerned about the safety of your management sessions, you might go
with a longer key length than the default, though in all likelihood, the
default will be more than sufficient.
Creating a key is a very CPU-intensive operation for the switch.
The switch will not stop forwarding packets
between the ports, but the process can impact the CPU’s handling of
network events, such as the processing of spanning tree BPDU packets.
This can result in unexpected and unwanted switch behavior.
A key with the default length should take the switch less than a minute
to create, while longer keys can take upwards of fifteen minutes. You
should take this into account when creating a key so as not to impact the
operations of your network. If you want a longer key, you might consider
creating it before you connect the switch to the network, or during
periods of low network traffic.
Encryption Key Guidelines
Below are guidelines to observe when creating an encryption key pair:
❑ Web browser encryption requires only one key pair.
❑ SSH encryption requires two key pairs. The two keys must differ in
length by at least one increment (256 bits). The
recommended size for the server key is 768 bits and the
recommended size for the host key is 1024 bits.
❑ An AT-8524M switch can only use those key pairs it has generated
itself. The switch cannot use a key created on another system and
imported onto the switch.
❑ The AT-S62 management software does not allow you to copy or
export a private key from a switch. However, you can export a
public key.
❑ The AT-S62 management software uses the RSA public key
algorithm.
❑ Web browser and SSH encryption can share a key pair.
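Because the public key can be exported, the length rules above can be audited off the switch. The following is an added example, not taken from the manual or from AT-S62: it reads the RSA modulus size from an exported public key and checks a server/host pair against the guidelines. It assumes the export is a one-line OpenSSH `ssh-rsa` key, which this page does not state; the function names and the `min_bits` policy floor are hypothetical.

```python
import base64
import struct

ALLOWED_BITS = tuple(range(512, 1536 + 1, 256))  # 512..1,536 in 256-bit steps
STEP = 256


def rsa_modulus_bits(pubkey_line):
    """Modulus bits of an 'ssh-rsa <base64>' line (assumed export format)."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, offset = [], 0
    while offset < len(blob):  # blob = length-prefixed "ssh-rsa", e, n
        if len(blob) - offset < 4:
            raise ValueError("truncated key blob")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if length > len(blob) - offset:
            raise ValueError("truncated key blob")
        parts.append(blob[offset:offset + length])
        offset += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("unexpected key blob layout")
    return int.from_bytes(parts[2], "big").bit_length()


def check_ssh_pair(server_bits, host_bits, min_bits=512):
    """Return the ways a server/host key pair breaks the guidelines."""
    problems = []
    for role, bits in (("server", server_bits), ("host", host_bits)):
        if bits not in ALLOWED_BITS:
            problems.append(f"{role} key: {bits} bits is not a supported length")
        elif bits < min_bits:  # min_bits: hypothetical local policy floor
            problems.append(f"{role} key: {bits} bits is below the floor {min_bits}")
    if abs(server_bits - host_bits) < STEP:
        problems.append("server and host keys must be at least 256 bits apart")
    return problems


def make_sample_key(bits):
    """Constructed input: the modulus only has the right size, it is not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(n):
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Pass the two measured sizes to `check_ssh_pair`; an empty list means the pair satisfies the length and separation rules.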