| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
3.3.1 Encryption algorithms used in the record layer
Confidentiality in the record layer is achieved by using symmetric
block encryption algorithms like 3DES, AES
or stream algorithms like ARCFOUR_128.
Ciphers are encryption algorithms that use a single, secret,
key to encrypt and decrypt data. Block algorithms in TLS also provide
protection against statistical analysis of the data. Thus, if you’re
using the TLS protocol, a random number of blocks will be
appended to data, to prevent eavesdroppers from guessing the actual
data size.
The supported in GnuTLS ciphers and MAC algorithms are shown in tab:ciphers and tab:macs.
| Algorithm | Description |
|---|---|
| 3DES_CBC | This is the DES block cipher algorithm used with triple encryption (EDE). Has 64 bits block size and is used in CBC mode. |
| ARCFOUR_128 | ARCFOUR_128 is a compatible algorithm with RSA’s RC4 algorithm, which is considered to be a trade secret. It is a fast cipher but considered weak today. |
| ARCFOUR_40 | This is the ARCFOUR cipher fed with a 40 bit key, which is considered weak. |
| AES_CBC | AES or RIJNDAEL is the block cipher algorithm that replaces the old DES algorithm. Has 128 bits block size and is used in CBC mode. |
| AES_GCM | This is the AES algorithm in the authenticated encryption GCM mode. This mode combines message authentication and encryption and can be extremely fast on CPUs that support hardware acceleration. |
| CAMELLIA_CBC | This is an 128-bit block cipher developed by Mitsubishi and NTT. It is one of the approved ciphers of the European NESSIE and Japanese CRYPTREC projects. |
Table 3.1: Supported ciphers.
| Algorithm | Description |
|---|---|
| MAC_MD5 | This is a cryptographic hash algorithm designed by Ron Rivest. Outputs 128 bits of data. |
| MAC_SHA1 | A cryptographic hash algorithm designed by NSA. Outputs 160 bits of data. |
| MAC_SHA256 | A cryptographic hash algorithm designed by NSA. Outputs 256 bits of data. |
| MAC_AEAD | This indicates that an authenticated encryption algorithm, such as GCM, is in use. |
Table 3.2: Supported MAC algorithms.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |