• Instant IPsec Review


    See: Instant IPsec Review
    A partial excerpt follows:
    IPsec requires that participating devices establish a Security Association (SA) where they agree on how to go about encrypting data. This SA is set up when the initial packet(s) of a flow match an access list (ACL) on one endpoint of the SA, triggering the endpoint to try to establish an SA with another IPsec endpoint.
    In order to establish an SA, the two IPsec devices typically use an automatic technique called IKE (ISAKMP). IKE stands for Internet Key Exchange. IKE uses asymmetric public key cryptography to securely establish the SA between the two devices. The first stage of IKE, Phase 1, is for the devices to authenticate to each other. In the second stage of IKE, Phase 2, the devices then negotiate securely as to what form of encryption to use, and the other parameters of the SA (lifetime for example). The outcome of all this is the secure exchange of a single key. This key is subsequently used by both endpoints for encoding and decoding messages using the DES or 3DES symmetric encryption algorithm.
    IPsec uses DES or 3DES because using public key cryptography to encrypt large data flows is still too processor intense. Public key cryptography is only used during IKE to encode small amounts of data, namely the negotiation to agree upon rules for the security association and the symmetric key exchange. IKE is simply the preliminary asymmetric process used to get the two endpoints talking and agreeing on a symmetric key.
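
The two-stage flow in the excerpt, as an added example (not code from the excerpt or from any IPsec implementation): a single-process model in which both endpoints authenticate, negotiate a cipher and lifetime, and end up holding the same symmetric key. It assumes pre-shared-key authentication, a toy Diffie-Hellman group and SHA-256 key derivation; all function names are hypothetical and this is not the IKE wire protocol.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example (2**521 - 1 is a
# Mersenne prime); real IKE uses standardized groups.
P, G, PUB_LEN = 2**521 - 1, 3, 66
KEY_BYTES = {"des": 8, "3des": 24}  # symmetric key sizes incl. parity bits

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def auth_tag(psk, sender_pub, receiver_pub):
    """Phase 1 (simplified): bind the pre-shared key to both public values."""
    msg = sender_pub.to_bytes(PUB_LEN, "big") + receiver_pub.to_bytes(PUB_LEN, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def negotiate(offers, policy):
    """Phase 2 (simplified): responder takes the first offer its policy allows."""
    for cipher, lifetime in offers:
        if cipher in policy:
            return cipher, min(lifetime, policy[cipher])
    raise ValueError("no acceptable proposal")

def derive_key(priv, peer_pub, cipher):
    shared = pow(peer_pub, priv, P).to_bytes(PUB_LEN, "big")
    return hashlib.sha256(shared + cipher.encode()).digest()[:KEY_BYTES[cipher]]

def establish_sa(psk_initiator, psk_responder, offers, policy):
    """Run both endpoints in one process; return (initiator_sa, responder_sa)."""
    i_priv, i_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    # Phase 1: each side checks the peer's tag against its own copy of the PSK.
    i_ok = hmac.compare_digest(auth_tag(psk_responder, r_pub, i_pub),
                               auth_tag(psk_initiator, r_pub, i_pub))
    r_ok = hmac.compare_digest(auth_tag(psk_initiator, i_pub, r_pub),
                               auth_tag(psk_responder, i_pub, r_pub))
    if not (i_ok and r_ok):
        raise PermissionError("Phase 1 authentication failed")
    # Phase 2: agree on cipher and lifetime, then derive the symmetric key.
    cipher, lifetime = negotiate(offers, policy)
    return tuple({"cipher": cipher, "lifetime": lifetime,
                  "key": derive_key(priv, pub, cipher)}
                 for priv, pub in ((i_priv, r_pub), (r_priv, i_pub)))

if __name__ == "__main__":
    # Constructed sample: initiator prefers 3DES, responder caps lifetime at 3600 s.
    sa_i, sa_r = establish_sa(b"constructed-psk", b"constructed-psk",
                              [("3des", 28800), ("des", 28800)], {"3des": 3600})
    print(sa_i["cipher"], sa_i["lifetime"], sa_i["key"] == sa_r["key"])
```

Only the public values and authentication tags would cross the wire; the symmetric key is computed independently on each side and never transmitted.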
  • Original URL: https://www.cnblogs.com/jjkv3/p/1171216.html