[ новости /+++ | форум | теги | ]

NAME
     encr3des - Triple-DES-CBC Encryption  Algorithm  Module  for
     IPsec

SYNOPSIS
     strmod/encr3des

DESCRIPTION
     This module implements triple-DES, which is the  application
     of  the United States Data Encryption Standard ("DES") three
     times with three different   keys  for  IPsec.   The  triple
     application  of DES, given K1, K2, and K3, happens on a per-
     block basis as follows:

          Encryption:
                Encrypt w/K1, Decrypt w/K2, Encrypt w/K3

          Decryption:
                Decrypt w/K3, Encrypt w/K2, Decrypt w/K1


     Triple-DES roughly doubles the  effective  key  strength  of
     DES.   For  further  discussions  on Triple-DES, see Applied
     Cryptography: Protocols, Algorithms, and Source Code in C by
     Bruce Schneier.

     The encr3des module uses cipher-block chaining  ("CBC"),  as
     per RFC 2451 and  has the following properties:

          Key Size
                192 bits. The  single  192-bit  key  consists  of
                three  DES  keys  concatenated  together  in  the
                _encryption_ (outbound) order.  See  encrdes(7P).
                The  encr3des  module  supports weak-key checking
                and parity-fixing to aidpf_key(7P).

          Block Size
                64 bit.


  Export Restriction
     Triple DES has an effective key  strength  of  approximately
     112  bits  and  is  only available inside the United States.
     Triple DES cannot be realistically weakened for use  outside
     the United States..

ATTRIBUTES
     See attributes(5)  for descriptions of the following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcryr (32-bit)           |
    |_____________________________|_____________________________|
    |                             | SUNWcryrx (64-bit)          |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     ipseckey(1M),attributes(5),encrdes(7P)ipsec(7P),ipsecesp(7P),pf_key(7P)

     NIST,  FIPS  PUB  46-2:  Data Encryption Standard, December,
     1993.

     Pereira, R. and Adams, R., RFC 2451, The ESP CBC-Mode Cipher
     Algorithms, The Internet Society, 1998.

     Schnier, B., Applied  Cryptography:  Protocols,  Algorithms,
     and  Source  Code  in C. Second ed. New York, New York: John
     Wiley & Sons, 1996.

Партнёры:

Хостинг: