Solved: Is AES-256-CBC the same as AES-256-SHA?

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

安静的弓箭 · 三湘印象森林海尚,源聚路-杭州三湘印象森林海 ...· 2 月前 ·

自信的小狗 · 中华人民共和国司法部· 5 月前 ·

痴情的上铺 · Javascript ...· 5 月前 ·

聪明伶俐的青蛙 · Issue 23548: ...· 5 月前 ·

豁达的单车 · 程序员秒懂：一款优雅的翻译软件-百度开发者中心· 7 月前 ·

Hi Dean,
AES-CBC is an encryption algorithm, whereas SHA is a hashing algorithm, they are seperate algorithms. AES-GCM algorithm performs both encryption and hashing functions without requiring a seperate hashing algorithm, it is the latest Suite B Next Generation algorithm and probably not supported on as ASA 5505.

So on the ASA you'd define the encryption as AES-CBC 128|192|256 and then hashing as SHA 128|192|256, that should work fine with the PA firewall.

Example:-

crypto ikev1 policy 10
encryption aes-256
hash sha

crypto ipsec ikev1 transform-set VPN-TRANSFORM esp-aes-256 esp-sha-hmac

HTH
Hi Dean,
AES-CBC is an encryption algorithm, whereas SHA is a hashing algorithm, they are seperate algorithms. AES-GCM algorithm performs both encryption and hashing functions without requiring a seperate hashing algorithm, it is the latest Suite B Next Generation algorithm and probably not supported on as ASA 5505.

So on the ASA you'd define the encryption as AES-CBC 128|192|256 and then hashing as SHA 128|192|256, that should work fine with the PA firewall.

Example:-

crypto ikev1 policy 10
encryption aes-256
hash sha

crypto ipsec ikev1 transform-set VPN-TRANSFORM esp-aes-256 esp-sha-hmac

HTH

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

推荐文章

安静的弓箭 · 三湘印象森林海尚,源聚路-杭州三湘印象森林海尚二手房、租房、房价-杭州安居客

2 月前

自信的小狗 · 中华人民共和国司法部

5 月前

痴情的上铺 · Javascript -循环中的异步/等待计时器_for循环中的Javascript异步/等待_Javascript:在'for .. in‘循环中等待未等待异步的对象 - 腾讯云开发者社区 - 腾讯

5 月前

聪明伶俐的青蛙 · Issue 23548: TypeError in event loop finalizer, new in Python 3.4.3 - Python tracker

5 月前

豁达的单车 · 程序员秒懂：一款优雅的翻译软件-百度开发者中心

7 月前