Technical overview of encryption, Data encryption, Symmetrical encryption – Allied Telesis AT-S63 User Manual

Chapter 26: Encryption Keys

554

Section IV: Security

Technical Overview of Encryption

The encryption feature provides the following data security services:

❑ Data encryption

❑ Data authentication

❑ Key exchange algorithms

❑ Key creation and storage

Data Encryption

Data encryption for switches is driven by the need for organizations to
keep sensitive data private and secure. Data encryption operates by
applying an encryption algorithm and key to the original data (the
plaintext) to convert it into an encrypted form (the ciphertext). The
ciphertext produced by encryption is a function of the algorithm used
and the key. Because it is easy to discover what type of algorithm is
being used, the security of an encryption system relies on the secrecy of
its key information. When the ciphertext is received by the remote
router, the decryption algorithm and key are used to recover the original
plaintext. Often, a checksum is added to the data before encryption. The
checksum allows the validity of the data to be checked on decryption.

There are two main classes of encryption algorithm in use: symmetrical
encryption and asymmetrical encryption.

Symmetrical Encryption

Symmetrical encryption refers to algorithms in which a single key is used
for both the encryption and decryption processes. Anyone who has
access to the key used to encrypt the plaintext can decrypt the
ciphertext. Because the encryption key must be kept secret to protect
the data, these algorithms are also called private, or secret key
algorithms. The key can be any value of the appropriate length.

DES Encryption Algorithms

The most common symmetrical encryption system is the Data Encryption
Standard (DES) algorithm (FIPS PUB 46). The DES algorithm has
withstood the test of time and proved itself to be a highly secure
encryption algorithm. To fully conform to the DES standard, the actual
data encryption operations must be carried out in hardware. Software
implementations can only be DES-compatible, not DES-compliant. The
DES algorithm has a key length of 56 bits and operates on 64-bit blocks
of data. DES can be used in the following modes:

❑ Electronic Code Book (ECB) is the fundamental DES function.
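
The model described in this section (one secret key for both directions, 64-bit blocks each processed independently as in ECB, and a checksum added before encryption and checked on decryption), as an added example that is not code from the manual or the switch firmware. The cipher is a Feistel network with a SHA-256 stand-in round function, not real DES, and CRC-32 and the padding scheme are assumptions; the last helper shows that ECB turns identical plaintext blocks into identical ciphertext blocks.

```python
import hashlib
import struct
import zlib

BLOCK = 8     # 64-bit blocks, the block size the page gives for DES
ROUNDS = 16

def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Stand-in round function (assumption): real DES uses S-boxes and a key schedule.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # Feistel network: the same key and structure encrypt and decrypt;
    # decryption only reverses the round order.
    left, right = block[:4], block[4:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, i, right)))
    return right + left

def _ecb(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # ECB: every 64-bit block is processed independently with the same key.
    return b"".join(_block(key, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Checksum (CRC-32, an assumption) is appended before encryption.
    data = plaintext + struct.pack(">I", zlib.crc32(plaintext))
    pad = BLOCK - len(data) % BLOCK
    return _ecb(key, data + bytes([pad]) * pad)

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    data = _ecb(key, ciphertext, decrypt=True)
    pad = data[-1]
    if not 1 <= pad <= BLOCK or len(data) < pad + 4:
        raise ValueError("bad padding: wrong key or corrupted data")
    body, crc = data[:-pad - 4], data[-pad - 4:-pad]
    if struct.pack(">I", zlib.crc32(body)) != crc:
        raise ValueError("checksum mismatch: wrong key or corrupted data")
    return body

def repeated_blocks(ciphertext: bytes) -> int:
    # Identical plaintext blocks give identical ciphertext blocks under ECB.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89\xab\xcd"   # constructed 56-bit (7-byte) key
    ct = encrypt(key, b"port 1 vlan 10  port 1 vlan 10  ")  # constructed sample data
    print(ct.hex(), repeated_blocks(ct), decrypt(key, ct))
```

The checksum here only detects a wrong key or corrupted data on decryption; it is not the separate data authentication service listed at the top of this section.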
