As a higher-level protocol, IPSec does not prescribe any specific encryption algorithm. Manufacturers of IPSec products are thus free to choose the algorithms they implement. The following standards are common:
- AES – Advanced Encryption Standard AES is the official encryption standard for use by US authorities, and therefore one of the most important standards worldwide. Following a worldwide competition in the year 2000 to find the best of the numerous encryption algorithms, the National Institute of Standards and Technology (NIST) selected the Rijndael algorithm (pronounced: "Rinedoll") and declared it the AES in 2001. AES is a symmetric key algorithm with variable block and key lengths. It was developed by the Belgian scientists Joan Daemen and Vincent Rijmen, and features outstanding security, flexibility and efficiency.
- DES – Data Encryption Standard DES was developed by IBM for the NSA (National Security Agency) in the early 1970s and was the worldwide security standard for years. The key length of this symmetrical process is 56 bits. Today, it is considered to be insecure due to its short key length and in the year 2000 the NIST replaced it with the AES (Rijndael algorithm). It is no longer suitable for use.
- Triple DES (a.k.a. 3-DES) A further development of DES. The conventional DES algorithm is applied three times consecutively. Two or three different keys, each 56 bits long, are used; with two keys, the key of the first run is reused for the third DES run. The result is a nominal key length of 168 bits, with an effective key length of 112 bits. Triple-DES combines the sophisticated DES technology with a sufficiently long key and is therefore considered to be secure. Triple-DES is slower than other processes, however.
- Blowfish This development by the renowned cryptographer Bruce Schneier is a symmetrical encryption method. Blowfish achieves outstanding data throughput on general-purpose processors. The process is reputed to be extremely efficient and secure.
- CAST (after the authors Carlisle Adams and Stafford Tavares) is a symmetrical method with a key length of 128 bits. CAST permits the modification of parts of the algorithm at runtime.
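The Triple-DES item above describes the three-run structure and the reuse of the first key for the third run. The following Go program is an added example (not part of the manual or of any product's code) that makes both points concrete using only the standard library's `crypto/des` package: it builds the encrypt-decrypt-encrypt chain from three single-DES instances, shows that the library's two-key form is exactly the key material K1||K2||K1, and goes one step further than the text by showing why the middle run is a *decryption*: with all three keys equal, Triple-DES collapses to single DES. The keys and the plaintext block are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Constructed sample inputs (not from the manual). A DES key is 8 bytes; the
// low bit of each byte is a parity bit that crypto/des ignores, which is why
// the text counts 56 bits of key per DES run.
var (
	sampleK1    = []byte("key-one!")
	sampleK2    = []byte("key-two!")
	sampleK3    = []byte("key-3rd!")
	sampleBlock = []byte("8bytemsg") // exactly one 64-bit DES block
)

// desEDE encrypts one 8-byte block with the Triple-DES sequence
// encrypt(K1) -> decrypt(K2) -> encrypt(K3), assembled from three
// independent single-DES instances so the three runs are visible.
func desEDE(k1, k2, k3, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, fmt.Errorf("block must be %d bytes, got %d", des.BlockSize, len(block))
	}
	c1, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	}
	c2, err := des.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	c3, err := des.NewCipher(k3)
	if err != nil {
		return nil, err
	}
	stage1 := make([]byte, des.BlockSize)
	stage2 := make([]byte, des.BlockSize)
	out := make([]byte, des.BlockSize)
	c1.Encrypt(stage1, block)  // run 1: encrypt with K1
	c2.Decrypt(stage2, stage1) // run 2: decrypt with K2
	c3.Encrypt(out, stage2)    // run 3: encrypt with K3
	return out, nil
}

// twoKeyTripleDESKey assembles the 24-byte key K1||K2||K1: the key of the
// first run is reused for the third run, as the text describes.
func twoKeyTripleDESKey(k1, k2 []byte) []byte {
	key := make([]byte, 0, 3*des.BlockSize)
	key = append(key, k1...)
	key = append(key, k2...)
	key = append(key, k1...)
	return key
}

// tripleDESBlock encrypts one block with the standard library's Triple-DES,
// which takes the 24-byte K1||K2||K3 key form.
func tripleDESBlock(key24, block []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(key24)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// singleDESBlock encrypts one block with plain DES.
func singleDESBlock(key8, block []byte) ([]byte, error) {
	c, err := des.NewCipher(key8)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// twoKeyMatchesEDE reports whether the library's Triple-DES under K1||K2||K1
// yields the same ciphertext as the hand-built chain with K1, K2, K1.
func twoKeyMatchesEDE(k1, k2, block []byte) (bool, error) {
	lib, err := tripleDESBlock(twoKeyTripleDESKey(k1, k2), block)
	if err != nil {
		return false, err
	}
	manual, err := desEDE(k1, k2, k1, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(lib, manual), nil
}

// tripleDESDegeneratesToDES reports whether, with K1 = K2 = K3, the middle
// decryption undoes the first encryption so that only single DES remains.
// This is the backward-compatibility property of the EDE design, and it is
// also why repeating one key buys no security beyond 56 bits.
func tripleDESDegeneratesToDES(k, block []byte) (bool, error) {
	triple, err := desEDE(k, k, k, block)
	if err != nil {
		return false, err
	}
	single, err := singleDESBlock(k, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(triple, single), nil
}

func main() {
	ok, err := twoKeyMatchesEDE(sampleK1, sampleK2, sampleBlock)
	fmt.Println("two-key 3DES == EDE(K1,K2,K1):", ok, err)
	ok, err = tripleDESDegeneratesToDES(sampleK1, sampleBlock)
	fmt.Println("3DES(K,K,K) == single DES(K):", ok, err)
}
```

Run it with `go run` on a single file; both checks print `true`. The three-key ciphertext produced by `desEDE(sampleK1, sampleK2, sampleK3, ...)` differs from the two-key result, which is the only difference between the 168-bit and the 112-bit nominal variants at the block-cipher level.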
Important: The encryption settings can be changed from the command line. Modifications of this sort are generally only required when setting up VPN connections between devices from different manufacturers.