Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1351
Views
0
Helpful
5
Replies

cipher selection in switch

Leftz
Level 4
Level 4

ā€Ž08-16-2022 11:44 AM

Hi Switch have some week ciphers. From the below commands, we can know which cipher are available, but I am not sure which one is stronger. How can we know these ciphers? and second question is at the blow command, can we think the first one aes192-ctr would be selected and used? other ones cannot work if the first one can work. Thank you

ip ssh server algorithm encryption aes192-ctr aes256-ctr

SW(config)#ip ssh server algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes128-gcm AES with 128-bit key GCM mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode
aes256-gcm AES with 256-bit key GCM mode

 

0 Helpful
5 Replies 5

Joseph W. Doherty
Hall of Fame
Hall of Fame

ā€Ž08-16-2022 12:02 PM - edited ā€Ž08-16-2022 12:08 PM

Generally, including with AES, longer keys are more secure, so, for example, AES-256 with be considered more secure than AES-128.

What's I'm not current on is CBC vs. CTR vs. GCM modes.  Right now I'm trying download a Cisco Live document, on security, which might address the pros and cons of these different modes.

PS:

From a quick read of https://isuruka.medium.com/selecting-the-best-aes-block-cipher-mode-aes-gcm-vs-aes-cbc-ee3ebae173c and https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3005.pdf, it seems -GCM is the best of the three.

0 Helpful

ammahend
VIP
VIP

ā€Ž08-16-2022 12:05 PM - edited ā€Ž08-16-2022 12:07 PM

higher key length is always preferred so 256, gcm is considered more secure, cdc is vunreable to padding oracle attack, so the last option is most secure, you also have to make sure the SSH client supports this standard, in my experience some of the common clients like putty, teraterm (free) don't support GCM, some don't even support 256 bit key.

here is a screenshot from one of the client, which does not support GCM

 

 

-hope this helps-
Preview file
27 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

ā€Ž08-16-2022 12:08 PM

Depends on the model of the switch and what IOS code running on it, most of the new IOS XE support net RSA keys and SSH v2 for best.

 

look at the cisco guidance for best practices:

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

https://blog.cryptographyengineering.com/2012/05/19/how-to-choose-authenticated-encryption/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Leftz
Level 4
Level 4

ā€Ž08-16-2022 12:49 PM - edited ā€Ž08-16-2022 01:02 PM

Thank you all for your very good explanation and links. My second question has not been answered yet, which is, 

useing the blow command, can we say the first cipher aes192-ctr would be used and the second one is not used if the first one can work?  If this is a case, we should put stronger one before the week one. Is this correct?  Thank you

" ip ssh server algorithm encryption aes192-ctr aes256-ctr "

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Leftz

ā€Ž08-16-2022 03:32 PM

The handshake depends on what client you using to connect to the device, most clients have all cipher suites' latest one, they check automatically and connect based on available ciphers and compatibility, if not the client throw error also switch see log same.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card