Authentication Header (AH) Protocol

The Authentication Header (AH) protocol provides a means to verify the authenticity/integrity of the content and origin of a packet. You can authenticate the packet by the checksum calculated thourgh a Hash Message Authentication Code (HMAC) using a secret key and either MD5 or SHA-1 hash functions.

• Message Digest 5 (MD5)—An algorithm that produces a 128-bit hash (also called a digital signature or message digest) from a message of arbitrary length and a 16-byte key. The resulting hash is used, like a fingerprint of the input, to verify content and source authenticity and integrity.
• Secure Hash Algorithm-1 (SHA-1)—An algorithm that produces a 160-bit hash from a message of arbitrary length and a 20-byte key. It is generally regarded as more secure than MD5 because of the larger hashes it produces. Because the computational processing is done in the ASIC, the performance cost is negligible.

  Note: For more information on MD5 and SHA-1 hashing algorithms, see the following RFCs: for more information on MD5, see RFCs 1321, 2403; for more information on SHA-, see RFC 2404; for more information on HMAC, see RFC 2104.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.