The variable-length message and 128-bit shared secret key are combined and run through
the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended
to the original message and forwarded to the remote end.
- HMAC-Secure Hash Algorithm 1 (SHA-1): HMAC-SHA-1 uses a 160-bit secret
key. The variable-length message and the 160-bit shared secret key are combined and
run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash
is appended to the original message and forwarded to the remote end.
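The append-and-verify flow described above, shown for both algorithms from the receiver's point of view as well as the sender's. This is an added example, not code from the original text; the function names `protect` and `verify`, the keys, and the message are constructed for illustration.

```python
import hashlib
import hmac

# Digest sizes in bytes: HMAC-MD5 gives 128 bits, HMAC-SHA-1 gives 160 bits.
TAG_LEN = {"md5": 16, "sha1": 20}


def protect(message: bytes, key: bytes, alg: str) -> bytes:
    """Sender (hypothetical helper): compute the HMAC and append it to the message."""
    tag = hmac.new(key, message, getattr(hashlib, alg)).digest()
    return message + tag


def verify(packet: bytes, key: bytes, alg: str):
    """Receiver (hypothetical helper): split off the trailing hash, recompute it
    with the shared key, and compare in constant time.
    Returns the message if it is authentic, otherwise None."""
    n = TAG_LEN[alg]
    if len(packet) < n:
        return None  # too short to carry a hash at all
    message, received = packet[:-n], packet[-n:]
    expected = hmac.new(key, message, getattr(hashlib, alg)).digest()
    return message if hmac.compare_digest(received, expected) else None


# Constructed sample values (not real keys): 128-bit and 160-bit shared secrets.
KEYS = {"md5": bytes(range(16)), "sha1": bytes(range(20))}
MESSAGE = b"constructed sample payload"

if __name__ == "__main__":
    for alg in ("md5", "sha1"):
        packet = protect(MESSAGE, KEYS[alg], alg)
        print(alg, "hash bits:", (len(packet) - len(MESSAGE)) * 8)
        print("  intact packet accepted:", verify(packet, KEYS[alg], alg) == MESSAGE)
        # Flip one bit of the message in transit: the recomputed hash no longer matches.
        tampered = bytes([packet[0] ^ 0x01]) + packet[1:]
        print("  tampered packet accepted:", verify(tampered, KEYS[alg], alg) is not None)
        # A peer that does not hold the shared secret cannot produce a valid hash.
        wrong_key = bytes(len(KEYS[alg]))
        print("  wrong-key packet accepted:", verify(packet, wrong_key, alg) is not None)
```
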
When conducting business long distance, it is necessary to know who is at the other end of
the phone, e-mail, or fax. The same is true of VPN networks. The device on the other end
of the VPN tunnel must be authenticated before the communication path is considered
secure. This is illustrated in Figure 8-14.
Figure 8-14 Peer Authentication
The two peer authentication methods are as follows:
- PSKs: A secret key value that is entered into each peer manually and is used to
authenticate the peer. At each end, the PSK is combined with other information to form
the authentication key.
- RSA signatures: Use the exchange of digital certificates to authenticate the peers.