| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
3.3.1 Encryption algorithms used in the record layer
Confidentiality in the record layer is achieved by using symmetric
block encryption algorithms like 3DES, AES
or stream algorithms like ARCFOUR_128.
Ciphers are encryption algorithms that use a single, secret,
key to encrypt and decrypt data. Block algorithms in CBC mode also provide
protection against statistical analysis of the data. Thus, if you’re
using the TLS protocol, a random number of blocks will be
appended to data, to prevent eavesdroppers from guessing the actual
data size.
The supported in GnuTLS ciphers and MAC algorithms are shown in Table 3.1 and Table 3.2.
| Algorithm | Description |
|---|---|
| 3DES_CBC | This is the DES block cipher algorithm used with triple encryption (EDE). Has 64 bits block size and is used in CBC mode. |
| ARCFOUR_128 | ARCFOUR_128 is a compatible algorithm with RSA’s RC4 algorithm, which is considered to be a trade secret. It is a fast cipher but considered weak today. |
| ARCFOUR_40 | This is the ARCFOUR cipher fed with a 40 bit key, which is considered weak. |
| AES_CBC | AES or RIJNDAEL is the block cipher algorithm that replaces the old DES algorithm. Has 128 bits block size and is used in CBC mode. |
| AES_GCM | This is the AES algorithm in the authenticated encryption GCM mode. This mode combines message authentication and encryption and can be extremely fast on CPUs that support hardware acceleration. |
| CAMELLIA_CBC | This is an 128-bit block cipher developed by Mitsubishi and NTT. It is one of the approved ciphers of the European NESSIE and Japanese CRYPTREC projects. |
Table 3.1: Supported ciphers.
| Algorithm | Description |
|---|---|
| MAC_MD5 | This is a cryptographic hash algorithm designed by Ron Rivest. Outputs 128 bits of data. |
| MAC_SHA1 | A cryptographic hash algorithm designed by NSA. Outputs 160 bits of data. |
| MAC_SHA256 | A cryptographic hash algorithm designed by NSA. Outputs 256 bits of data. |
| MAC_AEAD | This indicates that an authenticated encryption algorithm, such as GCM, is in use. |
Table 3.2: Supported MAC algorithms.
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on January 21, 2012 using texi2html 5.0.