Cryptography - jibingl/CCNA-CCNP GitHub Wiki
Cisco resource - Next Generation Cryptography
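| | DES | 3DES | AES | RC4 | RSA | DSA | DH | ECDH | ECDSA |
|---|---|---|---|---|---|---|---|---|---|
| Algorithm Category | Symmetric Key | Symmetric Key | Symmetric Key | Symmetric Key | Asymmetric Key (Public Key) | Asymmetric Key (Public Key) | Asymmetric Key (Public Key) | Asymmetric Key (Public Key) | Asymmetric Key (Public Key) |
| Cipher Type | Block cipher | Block cipher | Block cipher | Stream cipher | | | | | |
| Cipher/Key Size (bits) | 64 (56) | 112 or 168 | 128, 192 or 256 | 1-2048 | 1024, 2048, 4096... | 1024, 2048, 4096... | 1024, 2048, 4096... | 224, 256, 384, 521 ... | 224, 256, 384, 521 ... |
| Data Block Size (bits) | 64 | 64 | 128 | | | | | | |
| Mathematics | Boolean | Boolean | Boolean | Boolean | Factoring large prime numbers | Discrete logarithm | Discrete logarithm | Elliptic curve | Elliptic curve |
| Implementation | Mass/Bulk data encryption | Mass/Bulk data encryption | Mass/Bulk data encryption | Mass/Bulk data encryption | PKI-Certificate | Digital signature | Key exchange | Key exchange | Digital signature |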
| | Hash | HMAC |
|---|---|---|
| Function | Hash(Message) | Hash(Message + Pre-shared Secret Key) |
| Cons/Pros | Vulnerable to MITM attack | Insert a pre-shared secret key into the hashing process |
| Applications | Integrity check | Integrity, authentication, & certificates |
HMAC - Hashed Message Authentication Code
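
The Hash and HMAC columns compared from the receiver's side, as an added example that is not part of the original wiki. The table's "Hash(Message + Pre-shared Secret Key)" is shorthand; the code builds the nested RFC 2104 construction with SHA-256, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the wiki).
PSK = b"constructed-pre-shared-key"
SENT = b"permit 10.1.1.0/24"
ALTERED = b"permit 0.0.0.0/0"


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """RFC 2104 HMAC built by hand: H((K ^ opad) || H((K ^ ipad) || message))."""
    block_size = 64  # SHA-256 block size in bytes
    if len(key) > block_size:
        key = hashlib.sha256(key).digest()  # over-long keys are hashed first
    key = key.ljust(block_size, b"\x00")    # then zero-padded to one block
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def receiver_accepts_hash(message: bytes, digest: bytes) -> bool:
    """Receiver-side check for Hash(Message): no secret is involved."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def receiver_accepts_hmac(message: bytes, tag: bytes, key: bytes = PSK) -> bool:
    """Receiver-side check for HMAC: recompute with the PSK, constant-time compare."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def compare_checks() -> dict:
    """What the receiver concludes when the message is altered in transit."""
    # A plain hash can be recomputed over the altered message by anyone.
    recomputed_digest = hashlib.sha256(ALTERED).digest()
    # Without the PSK, only the old tag or a tag under a wrong key is available.
    original_tag = hmac_sha256(PSK, SENT)
    wrong_key_tag = hmac_sha256(b"guessed-key", ALTERED)
    return {
        "hash_accepts_altered": receiver_accepts_hash(ALTERED, recomputed_digest),
        "hmac_accepts_original": receiver_accepts_hmac(SENT, original_tag),
        "hmac_accepts_altered_old_tag": receiver_accepts_hmac(ALTERED, original_tag),
        "hmac_accepts_altered_wrong_key": receiver_accepts_hmac(ALTERED, wrong_key_tag),
    }


if __name__ == "__main__":
    for check, accepted in compare_checks().items():
        print(f"{check}: {accepted}")
```
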
AE - Authenticated Encryption. Combines symmetric encryption with a hash algorithm to provide both data encryption and authentication/integrity at the same time.
AEAD - Authenticated Encryption with Associated Data. Adds "associated data" (AD) to AE. The AD remains unencrypted but is integrity-protected. A typical example of AD is the destination routing information (IP address) of a network packet.