
Quick Mode Security Association (Windows Embedded CE 6.0)

1/6/2010

The quick mode security association is the second phase in a two-phase negotiation process. During the quick mode security negotiation phase, a security association (SA) is negotiated on behalf of the IPSec driver.

The IPSec devices exchange the following requirements for enhancing the security of the data transfer:

  • The IPSec protocol (AH or ESP).

  • The hash algorithm for data integrity and authentication. IPSec uses the following hash-based message authentication code (HMAC) algorithms:

    Algorithm    Description
    HMAC-MD5     Produces a 128-bit value.
    HMAC-SHA1    Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure.

  • The algorithm for encryption, if it is requested (3DES or DES).

The following table shows the SA parameters for quick mode, in preferential order.

Encryption    Integrity    Comments
3DES          HMAC-MD5     None.
3DES          HMAC-SHA     None.
DES           HMAC-MD5     None.
DES           HMAC-SHA     None.
-             HMAC-MD5     Disabled by default.
-             HMAC-SHA     Disabled by default.
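
The preference order in the table above can be read as a selection rule. The following is an added example, not code from the original page or from Windows Embedded CE: it models the negotiation as "first local offer that the peer also accepts", which is a simplifying assumption. The function names, the constructed peer policies and the reading of HMAC-SHA as HMAC-SHA1 are also assumptions.

```python
import hashlib
import hmac

# Quick mode offers from the table above, in preferential order.
# Layout: (encryption, integrity, enabled_by_default); None means no encryption.
QUICK_MODE_OFFERS = [
    ("3DES", "HMAC-MD5", True),
    ("3DES", "HMAC-SHA", True),
    ("DES", "HMAC-MD5", True),
    ("DES", "HMAC-SHA", True),
    (None, "HMAC-MD5", False),
    (None, "HMAC-SHA", False),
]

# Assumption: the table's "HMAC-SHA" is the HMAC-SHA1 algorithm listed earlier.
DIGESTS = {"HMAC-MD5": hashlib.md5, "HMAC-SHA": hashlib.sha1}


def active_offers(allow_integrity_only=False):
    """Offers to propose, in order; default-disabled rows need an explicit opt-in."""
    return [(enc, integ) for enc, integ, enabled in QUICK_MODE_OFFERS
            if enabled or allow_integrity_only]


def select_offer(local_offers, peer_accepts):
    """Return the first local offer the peer also accepts, or None (no SA)."""
    accepted = set(peer_accepts)
    for offer in local_offers:
        if offer in accepted:
            return offer
    return None


def hmac_bits(integrity, key, message):
    """Compute the HMAC of `message` and return the length of the value in bits."""
    return len(hmac.new(key, message, DIGESTS[integrity]).digest()) * 8


if __name__ == "__main__":
    # Constructed peer policy: DES or integrity-only, both with HMAC-SHA.
    peer = [("DES", "HMAC-SHA"), (None, "HMAC-SHA")]
    print(select_offer(active_offers(), peer))
    # A peer that only accepts unencrypted traffic gets no match by default.
    print(select_offer(active_offers(), [(None, "HMAC-MD5")]))
    print(hmac_bits("HMAC-SHA", b"constructed-key", b"constructed-packet"))
```

With the defaults, a peer that accepts only the integrity-only rows yields no match, so traffic is not silently downgraded to unencrypted.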

See Also

Concepts

Security Association
Main Mode Security Association