Browse Prior Art Database

IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC) (RFC2841)

IP.com Disclosure Number: IPCOM000005001D
Original Publication Date: 2000-Nov-01
Included in the Prior Art Database: 2001-Jul-13
Document File: 10 page(s) / 14K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Metzger: AUTHOR [+2]

Abstract

This document describes the use of keyed SHA1 with the IP Authentication Header.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 24% of the total text.

Network Working Group P. Metzger Request for Comments: 2841 Piermont Category: Historic W. Simpson Obsoletes: 1852 DayDreamer

November 2000

IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC)

Status of this Memo

This memo defines a Historic Document for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document describes the use of keyed SHA1 with the IP Authentication Header.

Table of Contents

1. Introduction ............................................. 2 1.1. Keys ..................................................... 2 1.2. Data Size ................................................ 2 1.3. Performance .............................................. 3 2. Calculation .............................................. 3 A. Changes .................................................. 5 Security Considerations ....................................... 6 Acknowledgements .............................................. 6 References .................................................... 7 Contacts ...................................................... 8 Editor's Note ................................................. 8 Full Copyright Statement ...................................... 9

Metzger Simpson Historic [Page 1]

RFC 2841 AH SHA1 IP-MAC November 2000

1. Introduction

The Authentication Header (AH) [RFC-1826] provides integrity and authentication for IP datagrams. This specification describes the AH use of keys with the Secure Hash Algorithm (SHA1) [FIPS-180-1]. This SHA1-IP-MAC algorithm uses a leading and trailing key (a variant of the "envelope method"), with alignment padding between both keys and data.

It should be noted that this document specifies a newer version of SHA than that described in [FIPS-180], which was flawed. The older version is not interoperable with the newer version.

This document assumes that the reader is familiar with the related document "Security Architecture for the Internet Protocol" [RFC- 1825], that defines the overall security plan for IP, and provides important background for this specification.

1.1. Keys

The secret authentication key shared between the communicating parties SHOULD be a cryptographically strong random number, not a guessable string of any sort.

The shared key is not constrained by this transform to any particular size. Lengths of 160-bits (20 octets) MUST be supported by the implementation, although any particular key may be shorter. Longer keys are encouraged.

1.2. Data Size

SHA1's 160-bit output is naturally 32-bit aligned. However, many implementations require 64-bit alignment of the following headers.

Therefore, several options are available for data alignment (m...