The strategy TLS/SSL chose ended up being the less secure of the two. Then a MAC is calculated over the cipher text and the resulting digest is appended. IPsec does Encrypt-then-MAC - The plaintext is encrypted first. TLS/SSL does MAC-then-Encrypt - a MAC is calculated over the plaintext, the resulting digest is appended, and then both the plaintext and the digest are encrypted to produce the cipher text. TLS and IPsec picked different strategies: The issue then, is if there are two operations. Traditionally this is done in two separate operations - one operation for Encryption, and the other operation for the MAC. Integrity is provided with a MAC, or Message Authentication Code. (i.g., 3DES IPsec is less secure than AES-128 TLS, which is less secure than AES-256 IPsec, and so on)īut if you dig into the inner workings of each, there is a critical difference between the two (although, the answer probably belongs in Information Security or Crypto Stack Exchange).Ĭonfidentiality is provided with Symmetric Encryption.
In practice, TLS/SSL/DTLS & IPSec (and SSH!) are all considered equally secure as protocols - it's more the choice of algorithms used within the protocols that make one more secure than the other. Data transferred within this tunnel is protected with Confidentiality, Integrity, and Authentication. They are both "Secure Communication" protocols which create a "tunnel" between two end points.
0 kommentar(er)
