In ESP decryption table there are the following algorithms: HMAC-SHA-1-96 [RFC2404] HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00] HMAC-SHA-256-128 [RFC4868] HMAC-SHA-384-192 [RFC4868] HMAC-SHA-512-256 [RFC4868]
And in ISAKMP (IKEv2 or IKEv1) decryption table there are the following algorithms: HMAC_SHA1_96 [RFC2404] HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00] HMAC_SHA2_256_128 [RFC4868] HMAC_SHA2_384_192 [RFC4868] HMAC_SHA2_512_256 [RFC4868]
So, the only difference is the name?
asked 08 Aug '16, 02:10
They all refer to the same algorithm. The SHA-1 hash function has only one output size while SHA-2 has several ones (256, 384, 512). Whenever you see "SHA256", "SHA384" or "SHA512", it refers to "SHA-2".
answered 08 Aug '16, 02:31