HP-UX IPSec version A.02.01 Administrator's Guide

Product Specifications
HP-UX IPSec Transforms
Appendix A
Comparative Key Lengths
Table A-2 lists the key lengths of the AH and ESP algorithms. In general,
the longer the key, the more secure the encryption algorithm. AES provides
the most secure encryption, but it should be used with some form of
authentication, such as the ESP-AES128-HMAC-SHA1 authenticated ESP
transform.

WARNING: DES has been cracked (data encoded using DES has been
decoded by a third party). HP recommends that you use DES
only if you are required to do so for compatibility reasons or
because of legal restrictions.

3DES (Triple-DES) uses three independent 56-bit keys. The data is
encrypted three times, using the three keys.

HP-UX IPSec supports AES with 128-bit keys. AES encryption is stronger
than 3DES encryption. In addition, AES processing is faster than 3DES
processing, with speed comparable to or better than that of DES encryption.

HMAC-SHA1 generates a 160-bit message digest, keyed with a 160-bit
shared secret key.

HMAC-MD5 generates a 128-bit message digest, keyed with a 128-bit
shared secret key.

Table A-2  AH and ESP Algorithms and Key Lengths

Algorithm   Key Length (bits)
ESP-DES     56
ESP-3DES    168 (3 x 56)
ESP-AES     128
AH-MD5      128
AH-SHA1     160
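
The guidance above expressed as a check over transform names, as an added example that is not from the HP guide or the HP-UX IPSec product. The helper names parse_transform and audit are hypothetical, the name ESP-DES-HMAC-MD5 is constructed from the naming pattern of ESP-AES128-HMAC-SHA1, and flagging every encryption-only ESP transform generalizes the page's advice for AES.

```python
# Key lengths in bits, taken from Table A-2 on this page.
CIPHER_BITS = {"DES": 56, "3DES": 168, "AES": 128}
AUTH_BITS = {"MD5": 128, "SHA1": 160}

def parse_transform(name):
    """Split a name such as ESP-AES128-HMAC-SHA1 into (protocol, cipher, auth)."""
    parts = name.upper().split("-")
    proto, rest = parts[0], parts[1:]
    if proto not in ("AH", "ESP") or not rest:
        raise ValueError(f"unrecognized transform: {name!r}")
    cipher = auth = None
    if proto == "ESP":
        token = rest.pop(0)
        cipher = next((c for c in CIPHER_BITS if token.startswith(c)), None)
        if cipher is None:
            raise ValueError(f"unknown ESP cipher in {name!r}")
        size = token[len(cipher):]          # optional suffix, e.g. "128"
        if size and int(size) != CIPHER_BITS[cipher]:
            raise ValueError(f"key length not listed in Table A-2: {name!r}")
    if rest and rest[0] == "HMAC":
        rest.pop(0)
    if rest:
        auth = rest.pop(0)
        if auth not in AUTH_BITS:
            raise ValueError(f"unknown authentication algorithm in {name!r}")
    if rest or (proto == "AH" and auth is None):
        raise ValueError(f"malformed transform: {name!r}")
    return proto, cipher, auth

def audit(name):
    """Return the key lengths and any findings for one transform name."""
    proto, cipher, auth = parse_transform(name)
    findings = []
    if cipher == "DES":
        findings.append("DES (56-bit key) has been cracked; use only for "
                        "compatibility or legal reasons")
    if proto == "ESP" and auth is None:
        findings.append("encryption without authentication; prefer an "
                        "authenticated ESP transform")
    return {"transform": name, "cipher_bits": CIPHER_BITS.get(cipher),
            "auth_bits": AUTH_BITS.get(auth), "findings": findings}

if __name__ == "__main__":
    # Names from this page, plus one constructed name (ESP-DES-HMAC-MD5).
    for t in ("ESP-AES128-HMAC-SHA1", "ESP-DES", "ESP-3DES", "ESP-AES",
              "AH-MD5", "AH-SHA1", "ESP-DES-HMAC-MD5"):
        r = audit(t)
        print(t, r["cipher_bits"], r["auth_bits"], r["findings"] or "ok")
```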