RFC 1828 (rfc1828) - Page 1 of 5
IP Authentication using Keyed MD5
Alternative Format: Original Text Document
Network Working Group P. Metzger
Request for Comments: 1828 Piermont
Category: Standards Track W. Simpson
Daydreamer
August 1995
IP Authentication using Keyed MD5
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document describes the use of keyed MD5 with the IP
Authentication Header.
Table of Contents
1. Introduction .......................................... 1
1.1 Keys ............................................ 1
1.2 Data Size ....................................... 1
1.3 Performance ..................................... 1
2. Calculation ........................................... 2
SECURITY CONSIDERATIONS ...................................... 2
ACKNOWLEDGEMENTS ............................................. 3
REFERENCES ................................................... 3
AUTHOR'S ADDRESS ............................................. 4
Metzger & Simpson Standards Track [Page i]
RFC 1828 AH MD5 August 1995
1. Introduction
The Authentication Header (AH) [RFC-1826] provides integrity and
authentication for IP datagrams. This specification describes the AH
use of keys with Message Digest 5 (MD5) [RFC-1321].
All implementations that claim conformance or compliance with the
Authentication Header specification MUST implement this keyed MD5
mechanism.
This document assumes that the reader is familiar with the related
document "Security Architecture for the Internet Protocol" [RFC-
1825], which defines the overall security plan for IP, and provides
important background for this specification.
1.1. Keys
The secret authentication key shared between the communicating
parties SHOULD be a cryptographically strong random number, not a
guessable string of any sort.
The shared key is not constrained by this transform to any particular
size. Lengths of up to 128 bits MUST be supported by the
implementation, although any particular key may be shorter. Longer
keys are encouraged.
1.2. Data Size
MD5's 128-bit output is naturally 64-bit aligned. Typically, there
is no further padding of the Authentication Data field.
1.3. Performance
MD5 software speeds are adequate for commonly deployed LAN and WAN
links, but reportedly are too slow for newer link technologies [RFC-
1810].
Nota Bene:
Suggestions are sought on alternative authentication algorithms
that have significantly faster throughput, are not patent-
encumbered, and still retain adequate cryptographic strength.
Metzger & Simpson Standards Track