Re: ASA-5510 supported encryption algorithms.

Casey Willoughby · ‎01-13-2016

Does the ASA5510 support 3DES-256 encryption? I've searched for some documentation but have not had any luck.

Thanks.

Karsten Iwen · ‎01-13-2016

There is no 3DES-256, but if you have the strong-encryption-license applied (you see that with "show version"), then the ASA supports both 3DES and AES (with 128/192/256 Bit).

guanbowen · ‎09-10-2018

As I always tell people that, I could be wrong.

3DES is kind of triple encrypted than DES which is not secure and "do not use" as recommended by some important organization such as NIST and else I do not remember. Encryption, has two major components, key and block of data. imagine it is like a key and a lock. key size for DES is 56bits (do not tell me the other 8 bits is part of the key as well) and data block 64 bits. 3DES key size 168bits and block size 64bits(correct me if I am wrong). so when you are saying 3DES-256, you are trying to say 256 key size which is not correct. (I could be wrong, they might have invented something new which I do not know).

However, AES which replaced DES is using different size of data block and key size for the algorithm. But, again, important organizations picked following to build a standard and Cisco uses it. Key size: 128/192/256, block size 128bits and it is always 128 bits. So you have pretty much 3 different options for AES.

On top of that, each encryption has different mode gcm, gmac, cbc and blah blah blah. That is what makes things confusing for encryption.

Once the Integrity jumps in, it is getting worse.

Hope this helps:P.

All the best