HMAC-MD5-96 or HMAC-SHA1-96

[dufresnem]

Which one is preferred across an IPSEC & IKE Tunnel. I see reference to HMAC-MD5-96 as default, but other docs I come across indicates HMAC-SHA1-96 and IPSEC is the most secure.

Any clear documentation outlining the two, which one is the best to use especially with compatibility?

 

[Ntr0P]

SHA1 is the better generally speaking.

Depending on your needs, there is a bit more performance cost associated with SHA1 than MD5, but I've not personally noticed a difference in a client to network IPSec situation. If what you are protecting isn't overly critical, MD5 may be for you. If security is a concern, you'll want SHA1.

A *REAL* quick search on google turned up plenty of articles but nothing that really quantifies it enough to include a link here.

 

[dufresnem]

What I'm trying to implement is LAN to LAN VPN. I will most likely use SHA1 because the data is sensative and would require the most security over performance. I don't think performance would be impacted greatly.

I read a few articles too last night and found nothing with a lot of meat on the topic. Thanks for your input.