Microsoft supports five security algorithms in NT 5.0 IPSec. These algorithms are HMAC MD5 and HMAC SHA for authentication, and DES, DES-CBC, and 3DES for encryption.
Hash Message Authentication Code (HMAC) is a secret-key algorithm. HMAC provides data integrity and origin authentication through a digital signature produced by a keyed hash function. Message Digest version 5 (MD5) algorithm is a hash function that can produce a 128-bit value. Secure Hash Algorithm (SHA) is a hash function that can produce a 160-bit value. By virtue of its increased bit value, HMAC SHA is more secure than HMAC MD5 but requires a slightly longer processing time.
Data Encryption Standard (DES) is an encryption algorithm defined and endorsed by the US government as an official standard. It breaks a message into 64-bit cipher blocks and encrypts each block using a 40-bit or 56-bit key. The US government prohibits exporting 56-bit DES. When DES works under the Cipher Block Chaining (CBC) mode (i.e., DES-CBC), it applies an exclusive OR operation to each 64-bit plain-text block with the previous cipher block before encrypting the block with the DES key. DES-CBC is more secure than DES. In triple DES (3DES), DES encrypts each cipher block three times, making 3DES far more secure than DES. The more secure the algorithm IPSec uses, the more processing time the algorithm requires.
