Friday, January 9, 2015

ARIA and SEED as alternatives to AES

Two additional ciphers that are not as widely known, but are available for IPsec, were defined by a Korea-based group: ARIA and SEED, both of which are block ciphers. I believe these don't fall under the USA munitions-export restrictions, nor do they have restrictions on exporting.

Like AES, they are built around a 128-bit block size, with key sizes of 128, 192 and 256 bits for ARIA and a 128-bit key size for SEED. I only know of one commercial firewall vendor that supports these ciphers: Fortinet.

To determine whether your firewall supports these ciphers, you can use the CLI command: diag vpn ipsec status

( fortigate without-support )

( fortigate with support )

