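MD5 message digest: like SHA, it was derived from MD4. It produces a 128-bit digest. SHA is more secure than MD5 but consumes more resources.
Oakley: A key exchange protocol; one of its basic mechanisms is the Diffie-Hellman key exchange algorithm.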
Perfect Forward Secrecy (PFS): PFS ensures that a given IPSec SA key was not derived from any other secret (like some other keys). In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPSec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPSec SAs set up by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPSec. The attacker needs to break each IPSec SA individually. The Cisco IOS IPSec implementation uses PFS group 1 (D-H 768 bit) by default.
Replay-detection: A security service where the receiver can reject old or duplicate packets in order to defeat replay attacks (replay attacks r
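
The PFS entry above, worked through as an added example that is not part of the original page or of any vendor's code: it derives IPSec SA keying material with the RFC 2409 Quick Mode formula, once without and once with a fresh Diffie-Hellman exchange, and checks whether the IKE SA secret alone reproduces the key. The toy D-H group, the choice of HMAC-SHA1 as prf, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for the demo only (assumption): the Mersenne prime
# 2**127 - 1 with generator 3. Real IKE uses the Oakley MODP groups.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf; HMAC-SHA1 is assumed here as the negotiated function."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d, protocol, spi, ni, nr, dh_shared=b""):
    """RFC 2409: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, dh_shared + bytes([protocol]) + spi + ni + nr)


def quick_mode(skeyid_d, pfs):
    """Simulate one Quick Mode exchange; return (KEYMAT, payloads carried in the IKE SA)."""
    ni, nr, spi = secrets.token_bytes(16), secrets.token_bytes(16), secrets.token_bytes(4)
    wire = {"protocol": 50, "spi": spi, "ni": ni, "nr": nr}  # 50 = ESP
    shared = b""
    if pfs:
        # Ephemeral private exponents exist only in memory and are never sent.
        x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        wire["ke_i"], wire["ke_r"] = pow(G, x, P), pow(G, y, P)  # public values only
        shared = pow(wire["ke_r"], x, P).to_bytes(16, "big")
    return keymat(skeyid_d, 50, spi, ni, nr, shared), wire


def recompute_from_ike_secret(skeyid_d, wire):
    """What SKEYID_d plus the decrypted Quick Mode payloads is enough to derive."""
    return keymat(skeyid_d, wire["protocol"], wire["spi"], wire["ni"], wire["nr"])


def demo():
    """Map pfs setting -> True if the IKE secret alone reproduces the IPSec key."""
    skeyid_d = secrets.token_bytes(20)  # constructed IKE SA secret
    results = {}
    for pfs in (False, True):
        real, wire = quick_mode(skeyid_d, pfs)
        results[pfs] = recompute_from_ike_secret(skeyid_d, wire) == real
    return results
```

With PFS off the IPSec key is a pure function of the IKE SA secret and values exchanged under it; with PFS on it also depends on a per-SA Diffie-Hellman secret that is never transmitted.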