Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 19 Next »


https://www.juniper.net/documentation/en_US/junos/topics/concept/ipsec-authentication-solutions.html


HMAC:   Hash-based Message Authentication Code  or Hash-based MAC

MAC # signature or cryptographic checksum

>>> the message has not been changed


MAC https://www.youtube.com/watch?v=DiLPn_ldAAQ&ab_channel=IntroductiontoCryptographybyChristofPaar

symmetrical key ( how to exchange/distribute/change keys )
1Arbitrary Input length 
2Fix output length
3message authentication: because of the secure channel use - build with private/public Key
4Integrity ( change inline )
5None-repudiation is not given ( the Rx can create from the message the signature with the symmetrical key)



HMAC (   Nested MAC(MAC(message) )Integrity and Authentication
2 stage Hashing ( XOR )  with 2 different key ( ipad and opad )

https://www.youtube.com/watch?v=wlSG3pEiQdc&ab_channel=Computerphile

inner key  / outer key 

Keys are 510bits ( fixed value, in the standard )

ipad: 

opad:

HMAX(message) = h [ (K"+opad) || (  h(K"+ipad)||x)    ]

Sender ( Data + pre-shared Key ) > hash>> HASH1 

send: Data + Hash1

 Receiver: ( Data + preshared key)

Data > hash> Hash2 

Compare Hash2 wit rx Hash1

Usage of HMAC

IKE Phase 2 (in IPSEC VPN)

TLS (old name SSL)  for website using HTTPS

TLS and SSL / Secure Socket Layer control protocol TCP/443

  • No labels