Iron

SHA-512 unavailable for hashing method in Checkpoint Firewall

Hi Team,

SHA-512 is not available as a hashing option in Check Point Firewall to configure in a VPN community. I even checked the same on R80.30 as well, but it's still not feasible. Screenshot attached below.

When can we expect SHA-512 to be included in the configuration, as nowadays many clients ask to use SHA-512 for integrity?

Thanks,

CSR

Mobile- +91- 971 727 2237

SHA-512 unavailable.jpg

0 Kudos
9 Replies
Admin

It will presumably be in an upcoming release.
Not sure if it's in R80.40 or not.
Silver

SHA-384 is a truncated output of SHA-512, so you will benefit from 64-bit computing and 512-bit state (but no R80 VPN acceleration mechanism, I believe), so you can consider it for customers asking you for the biggest number.
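
How SHA-384 and SHA-512 relate, and how IPsec uses them for integrity, shown as an added example that is not part of the original thread. It follows the RFC 4868 transforms (HMAC-SHA-384-192, HMAC-SHA-512-256), which put only half of the HMAC output on the wire as the ICV; the key and packet bytes are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample data: a made-up integrity key and ESP packet, not from the thread.
KEY = bytes(range(64))
ESP_PACKET = b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + b"constructed ESP ciphertext"

# RFC 4868 integrity transforms: (hash name, ICV length in bytes).
# The full HMAC output is truncated to half the digest size for the ICV.
TRANSFORMS = {
    "HMAC-SHA-256-128": ("sha256", 16),
    "HMAC-SHA-384-192": ("sha384", 24),
    "HMAC-SHA-512-256": ("sha512", 32),
}

def icv(transform, key, packet):
    """Compute the truncated integrity check value for one packet."""
    hash_name, icv_len = TRANSFORMS[transform]
    return hmac.new(key, packet, hash_name).digest()[:icv_len]

def verify(transform, key, packet, received_icv):
    """Constant-time comparison of the expected and received ICV."""
    return hmac.compare_digest(icv(transform, key, packet), received_icv)

def shares_sha512_core(hash_name):
    """True if the hash uses the 1024-bit block of the 64-bit SHA-512 core."""
    return hashlib.new(hash_name).block_size == 128

def sha384_equals_truncated_sha512(data):
    """Compare SHA-384 with the first 48 bytes of SHA-512 over the same data.

    SHA-384 runs the SHA-512 compression function from different initial
    values, so the digests differ even though the per-block cost is the same.
    """
    return hashlib.sha384(data).digest() == hashlib.sha512(data).digest()[:48]

if __name__ == "__main__":
    for name, (hash_name, _) in TRANSFORMS.items():
        tag = icv(name, KEY, ESP_PACKET)
        print(f"{name}: ICV {len(tag) * 8} bits, "
              f"SHA-512 core: {shares_sha512_core(hash_name)}, {tag.hex()}")
    print("SHA-384 == SHA-512[:48]?", sha384_equals_truncated_sha512(ESP_PACKET))
```
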

Iron

Yeah @PhoneBoy, but Check Point must include this option as early as possible.

Thanks,

CSR

0 Kudos
Admin

There does appear to be a customer release of R80.30 that enables SHA512 support.
It can be obtained through your local Check Point office.
Iron

Thanks @PhoneBoy, will reach out to CP office for the solution.
0 Kudos

SHA-384 works fine, but is still not implemented in SecureXL. So any VPN traffic using SHA-384 for a hashing algorithm will be ineligible for acceleration by SecureXL. All the other encryption and hashing algorithms are eligible for acceleration, including the GCM variants of AES which were added to SecureXL recently and are particularly speedy if AES-NI is present.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Iron

Thanks @Timothy_Hall for the explanation. Actually my point is also the same. There is no point in using SHA-384/512 if it's not included in SecureXL. For 1-2 VPNs it may be okay, but not for more VPNs, as it can cause firewall performance issues. So I believe we'll have to wait until Check Point includes SHA-512/384 to be used with SecureXL.

Thanks,

CSR

0 Kudos
Ivory

We did upgrade to R80.40. SHA512 is still not available. Does anybody know when Check Point plans to implement it?

0 Kudos
Employee

Hi,

SHA-512 support was added into R81 (also to SecureXL).

SHA-384 was added to SecureXL as part of R81 as well.

Thanks,

Idan Tsarfati.

0 Kudos