Before we dive into the deep dark depths of how IPSec VPNs work, let's take a moment to review hashing, encryption, and the keys used for everything throughout.

## Hashing

For all of this to work, three things are needed: data, a key, and an algorithm. Both sides need all three to come up with the same result. Two algorithms commonly used in IPSec are Message Digest version 5 and Secure Hash Algorithm. Figure 12.4 displays an example of hashing data to get a single hashed value.

Figure 12.4. Hashing example.
### Message Digest Version 5

Message Digest version 5 (MD5) is a hashing algorithm commonly used to authenticate data and ensure that data hasn't changed. It is a one-way hash that produces a fixed-length result called a message digest. MD5 feeds successive 512-bit blocks of data into the algorithm to eventually produce a 128-bit message digest.

### Secure Hash Algorithm

Secure Hash Algorithm (SHA-1) is the second hashing algorithm that can be used by IPSec. It produces a 160-bit result and is considered more secure than MD5. Because SHA-1 is more secure, it also takes longer to perform its functions.

## Encryption

Encryption is the process of taking data, a key, and an encryption algorithm and producing encrypted data known as ciphertext. If the encrypted data needs to be extracted back to normal, a decryption key and algorithm are necessary. The following sections discuss the two main types of encryption used by IPSec: DES and 3DES.

### Data Encryption Standard

Data Encryption Standard (DES) uses a 56-bit symmetric encryption key, meaning the 56-bit key used to encrypt the data is the same key used to decrypt the data. DES was published in 1977 and is considered a fast and reliable encryption engine that is commonly used to provide basic protection or in places outside the United States where the export of stronger encryption is not allowed.
### Triple DES

Triple DES (3DES) is a spin-off of DES itself. Basically, 3DES encrypts data, but it does it three times. 3DES iterates through the data three times with three different keys, dramatically increasing the protection level of the data. 3DES uses a 168-bit key and takes more time and processor power to run than normal DES does. Figure 12.5 shows an example of data encryption.

Figure 12.5. An encryption example.
## Keys

The two technologies, hashing and encryption, both require keys with their algorithms. Keys come in two main types: symmetric and asymmetric. You will see how these keys are used in several ways with different algorithms and technologies, but they all follow the same basic concepts.

### Symmetric Keys

The symmetric key, also known as a shared secret key, is a single key used by both parties involved. This key is typically used to encrypt and decrypt data. For example, if Jack uses a key of

### Asymmetric Keys

The asymmetric key is actually two keys paired together. One is called the public key, and the other is called the private key. The public key is given out freely, whereas the private key never leaves the owner. When you encrypt something with the public key, it takes the corresponding private key to decrypt it, or vice versa. For example, if Jack has a copy of Peter's public key and uses that public key to encrypt some data, Peter could use his own matching private key to decrypt that data. Therefore, only Peter could decrypt the data. Asymmetric keys are considered slower and take more processor power; however, they are great for authentication and for use during the authentication phases of communication.
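The following is an added example, not code from the book: it shows both sides of the keyed-hash check described under Hashing (data + shared secret key + algorithm must match on both ends) and the shared secret from Symmetric Keys, using Python's standard library. The truncation to 96 bits follows the HMAC-MD5-96 and HMAC-SHA-1-96 variants IPSec uses for packet authentication; the key and payload are constructed sample values.

```python
import hashlib
import hmac

# IPSec authenticates each packet with a keyed hash (HMAC) over the packet and
# keeps only the first 96 bits as the integrity check value (ICV).
ICV_BITS = 96

ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1}

def compute_icv(shared_key: bytes, data: bytes, algorithm: str) -> bytes:
    """Sender side: data + shared key + algorithm -> truncated keyed digest."""
    full_digest = hmac.new(shared_key, data, ALGORITHMS[algorithm]).digest()
    return full_digest[: ICV_BITS // 8]

def verify_icv(shared_key: bytes, data: bytes, algorithm: str, icv: bytes) -> bool:
    """Receiver side: recompute with the same three inputs, compare in constant time."""
    expected = compute_icv(shared_key, data, algorithm)
    return hmac.compare_digest(expected, icv)

def digest_bits(algorithm: str) -> int:
    """Untruncated output size in bits (MD5 = 128, SHA-1 = 160)."""
    return ALGORITHMS[algorithm]().digest_size * 8

def demo() -> dict:
    # Constructed sample values: a shared secret and a fake packet payload.
    key = b"constructed-shared-secret"
    packet = b"payload from Jack to Peter"
    tampered = packet.replace(b"Peter", b"Mallory")   # one byte sequence changed in transit
    results = {}
    for alg in ALGORITHMS:
        icv = compute_icv(key, packet, alg)
        results[alg] = {
            "digest_bits": digest_bits(alg),
            "icv_bytes": len(icv),
            "peer_accepts_original": verify_icv(key, packet, alg, icv),
            "peer_rejects_tampered": not verify_icv(key, tampered, alg, icv),
            "wrong_key_rejected": not verify_icv(b"other-key", packet, alg, icv),
        }
    return results

if __name__ == "__main__":
    for alg, outcome in demo().items():
        print(alg, outcome)
```

Both peers must hold the same shared secret and agree on the algorithm; changing either the packet or the key produces a different ICV and the receiver discards the packet.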

CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)

ISBN: 0789730235

Year: 2003

Pages: 218

Authors: Daniel P. Newman