This module implements triple-DES, which is the application of the United States Data Encryption Standard (DES) three times with three different keys for IPSec. The triple application of DES, given K1, K2, and K3, happens on a per-block basis as follows:
Encrypt w/K1, Decrypt w/K2, Encrypt w/K3
Decrypt w/K3, Encrypt w/K2, Decrypt w/K1
Triple-DES roughly doubles the effective key strength of DES. For further discussions on Triple-DES, see Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
NIST, FIPS PUB 46-2: Data Encryption Standard, December, 1993.
Pereira, R. and Adams, R., RFC 2451, The ESP CBC-Mode Cipher Algorithms, The Internet Society, 1998.
Schneier, B., Applied Cryptography: Protocols, Algorithms, and Source Code in C. Second ed. New York, New York: John Wiley & Sons, 1996.