This article applies to NetSupport Manager v14.00. For information relating to version 12.80 and below, click here.
NetSupport Manager supports five different encryption algorithms:
- 56 bit (DES)
- 64 bit (Blowfish)
- 128 bit (Twofish)
- 256 bit (AES)
- SSL/TLS Support for Gateway connections
56 bit (DES)
The modified Lucifer algorithm was adopted by NIST as a federal standard on November 23, 1976. Its name was changed to the Data Encryption Standard (DES). The algorithm specification was published in January 1977, and with the official backing of the government, it became a very widely employed algorithm in a short amount of time. DES encrypts and decrypts data in 64 bit blocks, using a 64 bit key (although the effective key strength is only 56 bits, as explained below). It takes a 64 bit block of plaintext as input and outputs a 64 bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.
64 bit (Blowfish)
Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then, it has been analysed considerably and it is gaining acceptance as a strong encryption algorithm.
128 bit (Twofish)
Twofish is a 128 bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8 bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(28), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimised implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8 bit smart card implementation encrypts at 1820 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalysed Twofish; our best attack breaks 5 rounds with 222.5 chosen plaintexts and 251 effort.
256 bit (AES)
Rijndael (256 bit) is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with al length of 128, 192 or 256 bits (all nine combinations of key length and block length are possible). Both block length and key length can be extended very easily to multiples of 32 bits. It was selected as the new AES by the NIST and therefore is the new encryption standard.
SSL/TLS support
The NetSupport Connectivity Server supports the ability to apply SSL or TLS certificates to ensure that all data sent across the NetSupport Connectivity Server is encrypted. It is possible to apply your own SSL/TLS certificate. Alternatively, the NetSupport Connectivity Server provides the option to create and use a Let’s Encrypt certificate.