Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
IKEv2 Security Association Configuration Mode Commands
prf ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
prf
Select one of the HMAC integrity algorithms to act as the IKE Pseudo-Random Function. A PRF produces a string of
bits that an attacker cannot distinguish from random bit string without knowledge of the secret key.The default is SHA1.
bits that an attacker cannot distinguish from random bit string without knowledge of the secret key.The default is SHA1.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value.
SHA-1 is considered cryptographically stronger than MD5, but it takes more CPU cycles to compute.
This is the default setting for this command.
SHA-1 is considered cryptographically stronger than MD5, but it takes more CPU cycles to compute.
This is the default setting for this command.
Usage
The prf is used for generating keying material for all the cryptographic algorithms used in both the IKE_SA
and the CHILD_SAs.
and the CHILD_SAs.
Example
This configuration sets the prf to be the default value (sha1):
This configuration sets the prf to be the default value (sha1):