8/28/2008 The quick mode security association is the second phase in a two-phase negotiation process. During the quick mode security negotiation phase, a security association (SA) is negotiated on behalf of the IPSec driver.
The IPSec devices exchange the following requirements for enhancing the security of the data transfer:
- The IPSec protocol (AH or ESP).
- The hash algorithm for data integrity and authentication. IPSec uses the following message authentication code (HMAC) algorithms:
| Algorithm | Description |
| HMAC-MD5 | Produces a 128-bit value. |
| HMAC-SHA1 | Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure. |
- The algorithm for encryption, if it is requested (3DES or DES).
The following table shows the SA parameters for quick mode, in preferential order.
| Encryption | Integrity | Comments |
| 3DES | HMAC-MD5 | None. |
| 3DES | HMAC-SHA | None. |
| DES | HMAC-MD5 | None. |
| DES | HMAC-SHA | None. |
| - | HMAC-MD5 | Disabled by default. |
| - | HMAC-SHA | Disabled by default. |
See Also