  • 1.  HMAC

    Posted 04-26-2017 06:48

    During phase 2, HMAC is used as the authentication method, and HMAC appends a key to the data before hashing.

    How do the 2 peers agree on that key?

  • 2.  RE: HMAC

    Posted 04-26-2017 12:21



    It comes from the Diffie-Hellman exchange. DH allows two peers communicating over an insecure medium to generate a secret key that only they know.


    However, DH is vulnerable to man-in-the-middle attacks; that's why either a pre-shared key or certificates are needed to make sure you connect to the right peer...

  • 3.  RE: HMAC

    Posted 04-27-2017 09:17

    Any updates, please?

  • 4.  RE: HMAC
    Best Answer

    Posted 04-27-2017 14:36

    That is correct. Not exactly the same key, but something that is calculated from it using some simple formula. If you take a look at RFC 2409 (IKEv1), the original session key is called SKEYID and the derived keys are SKEYID_e (encryption) and SKEYID_a (authentication = HMAC).
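
The derivation the answer above points to, as an added example that is not part of the original post: both peers compute the same Diffie-Hellman secret and feed it into the RFC 2409 pre-shared-key formulas for SKEYID, SKEYID_d, SKEYID_a and SKEYID_e. It goes one step further than the thread and includes the RFC 2409 section 5.5 KEYMAT formula for phase 2. The toy DH group, HMAC-SHA1 as the prf, the sample keys and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for this example; real IKE uses the Oakley MODP groups.
P, G = 2**127 - 1, 3

def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 default prf: HMAC over the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """SKEYID family for pre-shared-key authentication (RFC 2409, section 5)."""
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def derive_keymat(skeyid_d, protocol, spi, ni_qm, nr_qm):
    """Phase 2 keying material without PFS (RFC 2409, section 5.5)."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni_qm + nr_qm)

def simulate_phase1(psk_initiator: bytes, psk_responder: bytes):
    """Run both peers; only g^x, g^y, nonces and cookies cross the wire."""
    x = secrets.randbelow(P - 3) + 2          # initiator's private value
    y = secrets.randbelow(P - 3) + 2          # responder's private value
    gx, gy = pow(G, x, P), pow(G, y, P)       # public values, sent in the clear
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    # Each side combines its own private value with the peer's public value.
    secret_i = pow(gy, x, P).to_bytes(16, "big")
    secret_r = pow(gx, y, P).to_bytes(16, "big")
    initiator = derive_phase1_keys(psk_initiator, ni, nr, secret_i, cky_i, cky_r)
    responder = derive_phase1_keys(psk_responder, ni, nr, secret_r, cky_i, cky_r)
    return initiator, responder

if __name__ == "__main__":
    a, b = simulate_phase1(b"constructed-psk", b"constructed-psk")
    print("same keys on both peers:", a == b)
    for name, value in a.items():
        print(f"{name:9s} {value.hex()}")
```

If the two peers are given different pre-shared keys, SKEYID and everything derived from it differ, which is how the pre-shared key ties the otherwise unauthenticated DH exchange to the right peer.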

  • 5.  RE: HMAC

    Posted 04-27-2017 15:17

    Don't know how to thank you for the great explanation, I have understood what I was looking for.

    The article which you provided is very difficult to understand. I wish that one day I would find someone like you explaining phase 1 and phase 2 in detail.


    Thx again for your help.

  • 6.  RE: HMAC

    Posted 04-26-2017 15:01
    Thx for the reply.
    Please let me get this straight: so the session key created by the DH exchange is used as a key in the HMAC algorithm and as an encryption key in 3DES, for example?