Five popular security algorithms are Hash Message Authentication Code (HMAC) Message Digest version (MD5) and HMAC Secure Hash Algorithm (SHA) for authentication, and Data Encryption Standard (DES), DES-Cipher Block Chaining (CBC), and Triple DES (3DES) for encryption. Microsoft supports four of these five security algorithms in Windows 2000 (Win2K) IP Security (IPSec): HMAC MD5, HMAC SHA, DES, and 3DES. (Windows NT 5.0 Beta 2 includes DES-CBC, but Win2K doesn't.)
HMAC is a secret-key algorithm. HMAC provides data integrity and origin authentication through a digital signature that a keyed hash function produces. The MD5 algorithm is a hash function that can produce a 128-bit value. SHA is a hash function that can produce a 160-bit value. By virtue of its increased bit value, HMAC SHA is more secure than HMAC MD5 but requires a slightly longer processing time.
DES is an encryption algorithm that the US government defines and endorses as an official standard. DES breaks a message into 64-bit cipher blocks and uses a 40-bit or 56-bit key to encrypt each block. When DES works under the CBC mode (i.e., DES-CBC), DES applies an exclusive OR operation to each 64-bit plain-text block with the previous cipher block before encrypting the block with the DES key. DES-CBC is more secure than DES. In 3DES, DES encrypts each cipher block three times, making 3DES far more secure than DES. The more secure the algorithm IPSec uses, the more processing time the algorithm requires.
