Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


https://www.juniper.net/documentation/en_US/junos/topics/concept/ipsec-authentication-solutions.html


HMAC:   Hash-based Message Authentication Code  or Hash-based MACMAC  

MAC # signature or cryptographic checksum

>>> the message has not been changed

Stream cypher ( Block ) are very quick, good for streaming traffic, mobile traffic.


MAC https://www.youtube.com/watch?v=DiLPn_ldAAQ&ab_channel=IntroductiontoCryptographybyChristofPaar

symmetrical key ( how to exchange/distribute/change keys )
1Arbitrary Input length 
2Fix output length
3message authentication: because of the secure channel use - build with private/public Key
4Integrity ( change inline )
5None-repudiation is not given ( the Rx can create from the message the signature with the symmetrical key)


...

HMAC (   Nested MAC(MAC(message) )Integrity and Authentication
2 stage Hashing ( XOR )  with 2 different key ( ipad and ... opad )

https://www.youtube.com/watch?v=wlSG3pEiQdc&ab_channel=Computerphile

inner key  / outer key 

Keys are 510bits ( fixed value, in the standard )

ipad: 

opad:

HMAX(message) = h [ (K"+opad) || (  h(K"+ipad)||x)    ]

Sender ( Data + pre-shared Key ) > hash>> HASH1 

send: Data + Hash1

 Receiver: ( Data + preshared key)

Data > hash> Hash2 

Compare Hash2 wit rx Hash1

Usage of HMAC

IKE Phase 2 (in IPSEC VPN)

TLS (old name SSL)  for website using HTTPS

TLS replace the good old SSL / Secure Socket Layer control protocol TCP/443