https://www.juniper.net/documentation/en_US/junos/topics/concept/ipsec-authentication-solutions.html
HMAC: Hash-based Message Authentication Code or Hash-based MACMAC
MAC # signature or cryptographic checksum
>>> the message has not been changed
Stream cypher ( Block ) are very quick, good for streaming traffic, mobile traffic.
MAC | https://www.youtube.com/watch?v=DiLPn_ldAAQ&ab_channel=IntroductiontoCryptographybyChristofPaar |
---|---|
symmetrical key ( how to exchange/distribute/change keys ) | |
1 | Arbitrary Input length |
2 | Fix output length |
3 | message authentication: because of the secure channel use - build with private/public Key |
4 | Integrity ( change inline ) |
5 | None-repudiation is not given ( the Rx can create from the message the signature with the symmetrical key) |
HMAC ( Nested MAC(MAC(message) ) | Integrity and Authentication |
---|---|
2 stage Hashing ( XOR ) with 2 different key ( ipad and |
opad ) | https://www.youtube.com/watch?v=wlSG3pEiQdc&ab_channel=Computerphile inner key / outer key Keys are 510bits ( fixed value, in the standard ) ipad: opad: HMAX(message) = h [ (K"+opad) || ( h(K"+ipad)||x) ] |
Sender ( Data + pre-shared Key ) > hash>> HASH1 send: Data + Hash1 | Receiver: ( Data + preshared key) Data > hash> Hash2 Compare Hash2 wit rx Hash1 |
Usage of HMAC | |
---|---|
IKE Phase 2 (in IPSEC VPN) | |
TLS (old name SSL) for website using HTTPS TLS replace the good old SSL / Secure Socket Layer control protocol TCP/443 |