1. IPSec VPN
(1) IPSec does not mandate particular algorithms; it only provides a framework. Users can choose any supported algorithm, and if an algorithm is broken, it can be replaced at any time. The parameters used are as follows:
<1> hash function: MD5, SHA1;
<2> encryption algorithm: DES, 3DES, AES;
<3> encapsulation protocol: AH, ESP;
<4> encapsulation mode: transport mode, tunnel mode;
<5> key validity period: 60s~86400s.
(2) Hash function
A hash function is used to verify data integrity (to prevent data from being tampered with). Common algorithms are MD5 and SHA1.
The sender uses the hash function to calculate hash value A of the original file. After the receiver gets the file, it uses the same function to calculate hash value B of the received file and compares A with B. If the two hash values are the same, the file has not been tampered with.
Features: the hash value length is fixed; MD5 is 128 bits, SHA1 is 160 bits.
Avalanche effect: if any character of the input changes, the resulting hash value changes dramatically.
Irreversibility: the hash value can only be calculated from the file; the original file cannot be recovered from the hash value.
Uniqueness: there are no two different files with the same hash value.
Limitation of hash algorithms: a hash can only show that the data has not been tampered with; it cannot authenticate the data source, so it is vulnerable to man-in-the-middle attacks.
HMAC (Keyed-hash Message Authentication Code): a keyed cryptographic hash used as a message authentication code.
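An added example (not part of the original notes) of the limitation above and of what the key in HMAC changes: a party on the path can replace the data and recompute an unkeyed hash, but cannot produce a valid HMAC tag without the shared key. The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; SHARED_KEY stands in for a pre-shared secret.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"transfer 100 to account 1111"
MODIFIED = b"transfer 900 to account 2222"


def plain_digest(data: bytes) -> bytes:
    """Unkeyed SHA1 digest: computable by anyone who can see the data."""
    return hashlib.sha1(data).digest()


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 tag: needs the shared key as well as the data."""
    return hmac.new(key, data, hashlib.sha1).digest()


def send(key: bytes, data: bytes):
    """Sender attaches both the unkeyed digest and the HMAC tag."""
    return data, plain_digest(data), keyed_tag(key, data)


def rewrite_in_transit(packet, new_data: bytes):
    """A party without the key swaps the data and recomputes the unkeyed
    digest; the tag cannot be recomputed, so the old one is forwarded."""
    _, _, old_tag = packet
    return new_data, plain_digest(new_data), old_tag


def receiver_checks(key: bytes, data: bytes, digest: bytes, tag: bytes) -> dict:
    """Receiver recomputes both values and compares in constant time."""
    return {
        "hash_ok": hmac.compare_digest(plain_digest(data), digest),
        "hmac_ok": hmac.compare_digest(keyed_tag(key, data), tag),
    }


if __name__ == "__main__":
    packet = send(SHARED_KEY, ORIGINAL)
    print("untouched:", receiver_checks(SHARED_KEY, *packet))
    print("modified: ", receiver_checks(SHARED_KEY, *rewrite_in_transit(packet, MODIFIED)))
```

The modified packet still passes the unkeyed hash comparison, which is why the hash alone does not authenticate the source; only the HMAC check fails.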
Not finished yet; updated daily.