I changed the subject line so that it makes more sense!

Neil Humphreys wrote:
Hi all,
I have an app that requires 2 types of secure communications:
- one fully secured channel with encrypted data
- one fully secured channel, *except* that the data itself is not secret, and does not need any encryption.
Do you mean to say that you have something like a secured protocol (like a pipe) in which you can send data of another protocol (like water inside a pipe)? As far as I know you secure the channel by encoding your entire data stream.
 
Hence, I would be grateful if someone could spell out what the following cipher suite provides:
 
DES-CBC3-SHA

Digital Encryption Standard-Cipher Block Chaining-Secured Hash (Algorithm)
It means that the encryption method is DES (which is really risky to use nowadays unless you don't have any other choice). Cipher Block Chaining is a method of encryption using IVs in which your cipher text is arrived at by using the previous block. SHA is a checksum algorithm.
 
that the following one doesn't:
 
NULL-SHA
No encryption (meaning worthless) + only checksum of the data. I may be wrong, so please correct me.
 
with regards to the following security features:
 
1. secrecy (encryption)
2. authentication (sender/receiver validation)
3. prevention of message tampering
 
One other thing .. once the handshake is over, is there much CPU/network bandwidth overhead in using NULL-SHA, compared with unsecured TCP?
 
Many thanks!
Neil Humphreys

-- 
http://www.jaiashu.com
----------------------
"I would like to change the world,
but they won't tell me the source code!"
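
As an added illustration that is not part of the original thread: with NULL-SHA the record layer sends each payload in the clear but appends an HMAC-SHA1 keyed with a secret derived during the handshake, so the data is readable on the wire while modification is detected. The sketch below follows the TLS 1.0 record MAC layout; the key, the message and the function names are constructed for the example, and peer authentication (which comes from the handshake certificates) is not shown.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 5                          # content type (1) + version (2) + length (2)
MAC_LEN = hashlib.sha1().digest_size    # 20 bytes for the "-SHA" suites

def _mac(mac_key, seq, ctype, version, payload):
    # TLS 1.0 record MAC: HMAC over seq_num || type || version || length || fragment
    prefix = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(payload))
    return hmac.new(mac_key, prefix + payload, hashlib.sha1).digest()

def seal_null_sha(mac_key, seq, payload, ctype=23, version=(3, 1)):
    """Build one record with NULL encryption: cleartext payload followed by its MAC."""
    body = payload + _mac(mac_key, seq, ctype, version, payload)
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body

def open_null_sha(mac_key, seq, record):
    """Verify the MAC and return the payload; raise ValueError if it does not verify."""
    ctype, major, minor, length = struct.unpack("!BBBH", record[:HEADER_LEN])
    body = record[HEADER_LEN:]
    if len(body) != length or length < MAC_LEN:
        raise ValueError("malformed record")
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(mac_key, seq, ctype, (major, minor), payload)):
        raise ValueError("bad record MAC")
    return payload

def rejected(mac_key, seq, record):
    """True if the receiver would discard this record at sequence number seq."""
    try:
        open_null_sha(mac_key, seq, record)
        return False
    except ValueError:
        return True

KEY = b"constructed-mac-key!"           # constructed; a real key comes from the handshake
MSG = b"price=100;item=widget"          # constructed application data
RECORD = seal_null_sha(KEY, 0, MSG)

if __name__ == "__main__":
    print("payload readable on the wire:", MSG in RECORD)
    print("modified payload rejected:", rejected(KEY, 0, RECORD.replace(b"100", b"999")))
    print("record replayed at seq 1 rejected:", rejected(KEY, 1, RECORD))
    print("bytes added per record:", len(RECORD) - len(MSG))
```

The per-record cost after the handshake is the 5-byte header, the 20-byte MAC and one HMAC-SHA1 computation on each side.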

