A method of key generation using public key cryptography. The Diffie-Hellman algorithm begins with two users exchanging public values. Each user then mathematically combines the other's public value with their own secret value to compute a shared secret. This shared secret can be used directly as a session key, or as a key encryption key for protecting a randomly generated session key. The resulting session key therefore depends on both the public and the secret information held by each user.
Digital Signature Algorithm. A public key algorithm for digital signatures. See the Applied Cryptography book by Bruce Schneier for a complete description.
Digital Signature Standard. A U.S. Government standard for digital signatures that uses the DSA public key algorithm and the SHA hash algorithm.
Hash Message Authentication Code. A secret key authentication algorithm that can provide both data origin authentication and data integrity for packets sent between two parties. It does so only if the HMAC key is known solely to the source and the destination: if the received HMAC is correct, the packet must have been tagged by a holder of that key, that is, by the source.
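An added example, not taken from this glossary, that ties the Diffie-Hellman and HMAC entries together: two peers exchange public values, each derives the same shared secret, a session key is derived from it, and an HMAC-SHA1 tag is used to detect tampering with a packet. The group parameters, the derivation label and the packet bytes are constructed toy values, and the derivation step is a simple hash, not IKE's PRF.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. IKE uses MODP
# groups of 2048 bits or more; these numbers give no security at all.
P = 23
G = 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p, the value each peer sends in the clear."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """Combine the peer's public value with our own secret to get the shared secret."""
    return pow(peer_public, private, p)


def derive_hmac_key(shared: int, label: bytes = b"constructed-label") -> bytes:
    """Turn the raw shared secret into a fixed-length session key (hash-based, not IKE's PRF)."""
    return hashlib.sha1(label + shared.to_bytes(4, "big")).digest()


def tag_packet(key: bytes, packet: bytes) -> bytes:
    """HMAC-SHA1 over the packet; only a holder of the key can produce it."""
    return hmac.new(key, packet, hashlib.sha1).digest()


def verify_packet(key: bytes, packet: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many tag bytes matched."""
    return hmac.compare_digest(tag_packet(key, packet), tag)


def demo() -> bool:
    """Full exchange with random secrets; True if both peers agree and tampering is caught."""
    a = secrets.randbelow(P - 2) + 1          # Alice's secret
    b = secrets.randbelow(P - 2) + 1          # Bob's secret
    key_a = derive_hmac_key(dh_shared(dh_public(b), a))
    key_b = derive_hmac_key(dh_shared(dh_public(a), b))
    packet = b"constructed ESP payload"        # constructed sample packet
    tag = tag_packet(key_a, packet)
    tampered = packet[:-1] + b"!"
    return key_a == key_b and verify_packet(key_b, packet, tag) \
        and not verify_packet(key_b, tampered, tag)


if __name__ == "__main__":
    print("exchange and HMAC check ok" if demo() else "FAILED")
```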
A message-digest algorithm (described in RFC 1321) that computes a secure, irreversible, cryptographically strong hash value for a document. Most consider the SHA-1 algorithm to be more secure. See SHA.
An authentication method in IKE. The two peers configure a shared password that is used to authenticate the endpoints by means of encryption. If a receiver can decipher a packet encrypted by a sender, the receiver knows that the sender holds the same secret it does. This authentication method works well for a very limited number of hosts. For a large set of hosts, use certificate-based authentication.
A method in which each host has two keys: a private key and a public key. The private key is used for signing outgoing messages and decrypting incoming messages; the public key is used by others to confirm the authenticity of a signed message coming from a specific host and to encrypt messages addressed to that host. The private key is just that, private; it must not be available to anyone but its owner. The public key, by contrast, is distributed to anyone through trusted channels.
A public-key encryption and digital signature algorithm. See the Applied Cryptography book by Bruce Schneier for a complete description.
Secure Hash Algorithm Version 1. A cryptographically strong hash algorithm (described in FIPS PUB 180-1) that was designed by the National Security Agency (NSA), and is part of the U.S. Digital Signature Standard. See MD5.
Security Parameter Index. An arbitrary value used in combination with a destination address and a security protocol to uniquely identify an SA. It enables a receiving system to determine which SA to use in processing an incoming IP packet.