RFC 1828 (rfc1828) - Page 1 of 5

IP Authentication using Keyed MD5

Alternative Format: Original Text Document
Next >
Network Working Group                                         P. Metzger
Request for Comments: 1828                                      Piermont
Category: Standards Track                                     W. Simpson
                                                              Daydreamer
                                                             August 1995


                   IP Authentication using Keyed MD5



Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.


Abstract

   This document describes the use of keyed MD5 with the IP
   Authentication Header.


Table of Contents

     1.     Introduction ..........................................    1
        1.1       Keys ............................................    1
        1.2       Data Size .......................................    1
        1.3       Performance .....................................    1

     2.     Calculation ...........................................    2

     SECURITY CONSIDERATIONS ......................................    2
     ACKNOWLEDGEMENTS .............................................    3
     REFERENCES ...................................................    3
     AUTHOR'S ADDRESS .............................................    4












Metzger & Simpson             Standards Track                   [Page i]

RFC 1828                         AH MD5                      August 1995


1.  Introduction

   The Authentication Header (AH) [RFC-1826] provides integrity and
   authentication for IP datagrams.  This specification describes the AH
   use of keys with Message Digest 5 (MD5) [RFC-1321].

   All implementations that claim conformance or compliance with the
   Authentication Header specification MUST implement this keyed MD5
   mechanism.

   This document assumes that the reader is familiar with the related
   document "Security Architecture for the Internet Protocol" [RFC-
   1825], which defines the overall security plan for IP, and provides
   important background for this specification.



1.1.  Keys

   The secret authentication key shared between the communicating
   parties SHOULD be a cryptographically strong random number, not a
   guessable string of any sort.

   The shared key is not constrained by this transform to any particular
   size.  Lengths of up to 128 bits MUST be supported by the
   implementation, although any particular key may be shorter.  Longer
   keys are encouraged.



1.2.  Data Size

   MD5's 128-bit output is naturally 64-bit aligned.  Typically, there
   is no further padding of the Authentication Data field.



1.3.  Performance

   MD5 software speeds are adequate for commonly deployed LAN and WAN
   links, but reportedly are too slow for newer link technologies [RFC-
   1810].

   Nota Bene:
      Suggestions are sought on alternative authentication algorithms
      that have significantly faster throughput, are not patent-
      encumbered, and still retain adequate cryptographic strength.



Metzger & Simpson             Standards Track
Next >