Encryption Key Length and Encryption Key Guidelines – Allied Telesis AT-S63 User Manual

Page 771


AT-S63 Management Software Menus Interface User’s Guide

Section IX: Management Security


Encryption Key Length

To create a key pair, you must specify its length. The length is given in
bits. The range is 512 to 1,536 bits, in increments of 256 bits. The default
is 512 bits.

The general rule on key lengths is that the longer the key, the more difficult
it is for someone to decipher. If you are particularly concerned about the
safety of your management sessions, use a longer key length than the
default, although the default will probably be more than sufficient.

Creating a key is a very CPU intensive operation for the switch. The switch
does not stop forwarding packets between the ports, but the process can
impact the CPU’s handling of network events, such as the processing of
spanning tree BPDU packets. This can result in unexpected and unwanted
switch behavior.

A key with the default length should take the switch less than a minute to
create. Longer keys can take up to 15 minutes. Consider this information
when you create a key so that you do not impact the operations of your
network. If you want a longer key, consider creating it before you connect
the switch to the network, or during periods of low network traffic.

Encryption Key Guidelines

Below are guidelines to observe when creating an encryption key pair:

• Web browser encryption requires only one key pair.

• SSH encryption requires two key pairs. The keys must be of different
  lengths of at least one increment (256 bits) apart. The recommended
  size for the server key is 768 bits and the recommended size for the
  host key is 1024 bits.

• An AT-9400 Series switch can only use those key pairs it has
  generated itself. The switch cannot use a key created on another
  system and imported onto the switch.

• The AT-S63 management software does not allow you to copy or
  export a private key from a switch. However, you can export a public
  key.

• The AT-S63 management software uses the RSA public key algorithm.

• Web browser and SSH encryption can share a key pair.
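One way to check planned key lengths against the length range and SSH guidelines above before spending switch CPU time on key generation. This is an added example, not part of the AT-S63 manual or software; the function names and sample plans are hypothetical.

```python
# Added example: validates planned key lengths against the rules on this page.
# Function names and the sample plans below are hypothetical.

MIN_BITS, MAX_BITS, STEP = 512, 1536, 256  # range and increment from the manual


def valid_length(bits):
    """True if bits is a key length the manual says can be specified."""
    return MIN_BITS <= bits <= MAX_BITS and (bits - MIN_BITS) % STEP == 0


def check_ssh_pair(server_bits, host_bits):
    """Return a list of problems with a planned SSH server/host key pair."""
    problems = []
    for name, bits in (("server", server_bits), ("host", host_bits)):
        if not valid_length(bits):
            problems.append(
                f"{name} key: {bits} bits is not in {MIN_BITS}-{MAX_BITS} "
                f"in steps of {STEP}"
            )
    # The two SSH keys must be at least one increment (256 bits) apart.
    if abs(server_bits - host_bits) < STEP:
        problems.append(
            f"server and host keys must differ by at least {STEP} bits"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample plans: (server key bits, host key bits).
    for plan in [(768, 1024), (1024, 1024), (512, 640)]:
        issues = check_ssh_pair(*plan)
        print(plan, "OK" if not issues else issues)
```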
