RFC 1852 (rfc1852) - Page 2 of 6
IP Authentication using Keyed SHA
Alternative Format: Original Text Document
RFC 1852 AH SHA September 1995
1. Introduction
The Authentication Header (AH) [RFC-1826] provides integrity and
authentication for IP datagrams. This specification describes the AH
use of keys with the Secure Hash Algorithm (SHA) [FIPS-180-1].
It should be noted that this document specifies a newer version of
the SHA than that described in [FIPS-180], which was flawed. The
older version is not interoperable with the newer version.
This document assumes that the reader is familiar with the related
document "Security Architecture for the Internet Protocol" [RFC-
1825], which defines the overall security plan for IP, and provides
important background for this specification.
1.1. Keys
The secret authentication key shared between the communicating
parties SHOULD be a cryptographically strong random number, not a
guessable string of any sort.
The shared key is not constrained by this transform to any particular
size. Lengths of up to 160 bits MUST be supported by the
implementation, although any particular key may be shorter. Longer
keys are encouraged.
1.2. Data Size
SHA's 160-bit output is naturally 32-bit aligned. However, many
implementations require 64-bit alignment of the following headers, in
which case an additional 32 bits of padding is added, either before
or after the SHA output.
The size and position of this padding are negotiated as part of the
key management. Padding bits are filled with unspecified
implementation dependent (random) values, which are ignored on
receipt.
1.3. Performance
Preliminary results indicate that SHA is 62% as fast as MD5, and 80%
as fast as DES hashing. That is,
Metzger & Simpson Experimental