User Guide
Page 160 SonicWALL Internet Security Appliance User’s Guide
When DES is used for data communications, both sender and receiver must know the
same secret key, which can be used to encrypt and decrypt the message, or to
generate and verify a message authentication code. SonicWALL DES encryption
algorithm uses a 56 bit key.
The SonicWALL VPN DES Key must be exactly 16-characters long and is comprised of
hexadecimal characters. Valid hexadecimal characters are "0" to "9", and "a" to "f"
inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be
1234567890abcdef.
• ARCFour
ARCFour is used for communications with secure Web sites using the SSL protocol.
Many banks use a 40 bit key ARCFour for online banking, while others use a 128 bit
key. SonicWALL VPN uses a 56 bit key for ARCFour.
ARCFour is faster than DES for several reasons. First, it is a newer encryption
mechanism than DES. As a result, it benefits from advances in encryption technology.
Second, unlike DES, it is designed to encrypt data streams, rather than static storage.
The SonicWALL VPN ARCFour key must be exactly 16 characters long and is comprised
of hexadecimal characters. Valid hexadecimal characters are "0" to "9", and "a" to "f"
inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be
1234567890abcdef.
• Strong Encryption (TripleDES)
Strong Encryption, or TripleDES (3DES), is a variation on DES that uses a 168-bit key.
As a result, 3DES is dramatically more secure than DES, and is considered to be
virtually unbreakable by security experts. It also requires a great deal more processing
power, resulting in increased latency and decreased throughput.
The SonicWALL 3DES Key must be exactly 24 characters long and is comprised of
hexadecimal characters. Valid hexadecimal characters are "0" to "9", and "a" to "f"
inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be
1234567890abcdef12345678.
• Security Parameter Index (SPI)
The SPI is used to establish a VPN tunnel. The SPI is transmitted from the remote VPN
gateway to the local VPN gateway. The local VPN gateway then uses the network,
encryption and keys associated with the SPI to establish the tunnel.
The SPI must be unique, is from one to eight characters long, and is comprised of
hexadecimal characters. Valid hexadecimal characters are "0" to "9", and "a" to "f"
inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, valid SPIs would be
999 or 1234abcd.
integrated_manual.book Page 160 Friday, October 12, 2001 2:56 PM