
Configuring Data Encryption Services
1-2
117386-A Rev. A
Data Encryption Standard (DES)
Bay Networks bases encryption services on DES, which the United States
government has adopted to protect sensitive but nonclassified data. The American
National Standards Institute (ANSI), the IETF, and various banking and financial
standards groups have also incorporated DES into security standards.
DES describes the process that transforms 64-bit blocks of data from readable
plaintext to scrambled ciphertext. A 40-bit or 56-bit number that you generate,
known as a key, controls the scrambling and unscrambling. Both ends of a link
must use the same key value for one end to be able to decrypt the data that the
other end sends.
DES is designed so that even if someone knows some of the plaintext data and the
corresponding ciphertext, there is no way to determine the key without trying all
possible keys. The strength of encryption-based security rests on the size of the
key, and on properly protecting the key.
Because DES is a public standard, the encryption is secure only if the
communicating routers and the management station keep the DES key secret and
protected from unauthorized change.
40-Bit and 56-Bit Encryption Strengths
Bay Networks offers two encryption strengths:
• The standard router software includes encryption that uses 40-bit keys. This
version provides reasonably strong security.
• We also offer a strong encryption option (SEO) that uses 56-bit DES keys.
SEO software is generally available only in the United States and Canada. U.S.
law allows export of the SEO only with a U.S. export license. For more
information on the export, import, and use of SEO outside the United States and
Canada, refer to the SEO software license agreement.