HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
IPsec Protocol Suite
ESP Encryption and Authentication Algorithms
HP-UX IPSec ESP supports the encryption algorithms listed in Table 1-1
on page 43 and the authentication algorithms listed in Table 1-2 on
page 43. For example, HP-UX IPSec can encrypt an ESP packet using
AES and authenticate it using SHA1.
TIP: HP recommends that you use AES128 with SHA1. AES is the most
secure form of encryption for HP-UX IPSec, and SHA1 is considered
more secure than MD5.
AES encryption throughput rates are comparable to or better than DES
and 3DES rates. For more information about HP-UX IPSec performance,
refer to the HP-UX IPSec Sizing and Performance document available at
www.docs.hp.com.
Table 1-1 HP-UX IPSec Encryption Algorithms

Name   Description
AES    Advanced Encryption Standard (AES) Cipher Block Chaining (CBC) mode encryption using a 128-bit key.
DES    Data Encryption Standard (DES) CBC encryption using a 56-bit key.
3DES   Triple-DES CBC, three CBC encryption iterations, each with a different 56-bit key.

Table 1-2 HP-UX IPSec Authentication Algorithms

Name   Description
MD5    Message Digest-5, 160-bit key
SHA1   Secure Hash Algorithm-1, 128-bit key
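
The ESP authentication step described above, carried through on a constructed packet. This is an added example, not code from the HP guide or from HP-UX IPSec: in standard ESP the integrity check value (ICV) is HMAC-SHA1 or HMAC-MD5 truncated to 96 bits (RFC 2404, RFC 2403), computed over the SPI, sequence number, IV and ciphertext, and checked before decryption. The function names, the key, and the filler bytes standing in for AES-CBC ciphertext are assumptions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12          # ESP truncates the HMAC output to 96 bits
AES_CBC_IV_LEN = 16   # AES-CBC carries a 16-byte IV ahead of the ciphertext
DIGESTS = {"SHA1": hashlib.sha1, "MD5": hashlib.md5}

def esp_icv(auth_key, alg, authenticated):
    """HMAC over the authenticated part of the packet, truncated to 96 bits."""
    return hmac.new(auth_key, authenticated, DIGESTS[alg]).digest()[:ICV_LEN]

def build_esp(spi, seq, iv, ciphertext, auth_key, alg="SHA1"):
    """Assemble SPI | sequence number | IV | ciphertext | ICV."""
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + esp_icv(auth_key, alg, body)

def verify_esp(packet, auth_key, alg="SHA1"):
    """Check the ICV first; only an authentic packet is handed on for decryption."""
    if len(packet) < 8 + AES_CBC_IV_LEN + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    if not hmac.compare_digest(icv, esp_icv(auth_key, alg, body)):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    return spi, seq, body[8:8 + AES_CBC_IV_LEN], body[8 + AES_CBC_IV_LEN:]

# Constructed sample values (assumptions for this example only).
AUTH_KEY = b"constructed-demo-key"
IV = bytes(range(16))
CIPHERTEXT = bytes(32)  # opaque filler standing in for two AES-CBC blocks

if __name__ == "__main__":
    pkt = build_esp(0x1000, 1, IV, CIPHERTEXT, AUTH_KEY)
    print(verify_esp(pkt, AUTH_KEY))
    tampered = pkt[:30] + bytes([pkt[30] ^ 1]) + pkt[31:]  # flip one ciphertext bit
    try:
        verify_esp(tampered, AUTH_KEY)
    except ValueError as exc:
        print("rejected:", exc)
```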