Which two data integrity algorithms are commonly used in VPN solutions?

Email Hosting Solution

Data integrity ensures data has not been altered in the transmission. A data-integrity algorithm adds a hash to the message to guarantee the integrity of the message.

A Hashed Message Authentication Code (HMAC) is a data-integrity algorithm that ensures the integrity of the message. Two popular algorithms a VPN gateway uses for verifying integrity of data are HMAC-Message Digest 5 (HMAC-MD5) and HMAC-Secure Hash Algorithm 1 (HMAC-SHA1)

+ HMAC-MD5 uses a 128-bit shared-secret key of any size. The variable-length message and shared-secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and is forwarded to the remote end.

+ HMAC-SHA-1 uses a secret key of any size. The variable-length message and the shared-secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and is forwarded to the remote end.

Diffie-Hellman Group 1 (DH-1) & Diffie-Hellman Group 2 (DH-2) are two encryption algorithms for VPN, not data integrity algorithms.

RSA is also an encryption algorithm, not data integrity algorithm.

(Reference: Implementing Cisco IOS Network Security IINS)