Vyatta NOS documentation

Hash algorithms

A hash function is a cryptographic algorithm that is used for message authentication. A hash function takes a message of arbitrary length and produces an output of fixed length, called a message digest or fingerprint. Hash functions are used to verify that messages have not been tampered with.

The vRouter supports the following hash functions.

Table 1. Supported hash functions
Cipher Description

MD5

MD5 is the most recent version of the message digest algorithm. MD5 takes a message of arbitrary length and produces a 128-bit condensed digital representation, called a message digest. It is often used when a large file must be compressed and encrypted, then signed with a digital signature.

MD5 is quite fast and efficient compared with SHA-1 because it uses primitive operations and produces a shorter message digest. However, it is not as secure as SHA, and has reportedly been compromised in some ways, though not yet in ways that make it insecure.

SHA-1

SHA stands for Secure Hash Algorithm, also known as the Secure Hash Standard. The SHA hash functions are five one-way cryptographic algorithms for computing a message digest.

SHA-1 is an extension of the original SHA, and is the standard hash algorithm supported by the U.S. government. SHA-1 takes a message of arbitrary length (the message must be smaller than 2^64 bits) and produces a 160-bit message digest.

SHA-1 is slower than MD5, but it is more secure because the additional bits in the message digest provide more protection from brute-force attacks.

SHA-2

SHA-2 is a stronger algorithm than SHA-1 with a longer hash value. The vRouter supports 256-bit, 384-bit, and 512-bit SHA-2 algorithms, which are used to calculate a 128-bit hash-based message authentication code (HMAC) to verify the message.
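
The 128-bit HMAC check described in the SHA-2 row, shown with Python's standard hashlib and hmac modules as an added example; it is not part of the Vyatta documentation or vRouter code. The key, the message, the function names, and the choice to keep the leftmost 128 bits of HMAC-SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac

# Digest length in bits of each hash function listed in Table 1.
DIGEST_BITS = {
    name: hashlib.new(name).digest_size * 8
    for name in ("md5", "sha1", "sha256", "sha384", "sha512")
}

ICV_BYTES = 16  # 128-bit HMAC value, as in the SHA-2 row (truncation rule assumed)


def compute_icv(key: bytes, message: bytes, algo: str = "sha256") -> bytes:
    """HMAC the message with a shared key and keep the leftmost 128 bits."""
    return hmac.new(key, message, algo).digest()[:ICV_BYTES]


def verify(key: bytes, message: bytes, icv: bytes, algo: str = "sha256") -> bool:
    """Recompute the value on the receiving side and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, message, algo), icv)


def demo() -> dict:
    # Constructed sample key and message; not taken from any real device.
    key = b"constructed-shared-secret-32byte"
    message = b"constructed payload: route 10.0.0.0/8 via 192.0.2.1"
    icv = compute_icv(key, message)

    # One changed byte in transit, and a receiver holding a different key.
    tampered = message.replace(b"192.0.2.1", b"192.0.2.9")
    return {
        "icv_bits": len(icv) * 8,
        "authentic": verify(key, message, icv),
        "tampered": verify(key, tampered, icv),
        "wrong_key": verify(b"x" * 32, message, icv),
    }


if __name__ == "__main__":
    for name, bits in DIGEST_BITS.items():
        print(f"{name:7s} {bits}-bit digest")
    print(demo())
```

An unkeyed digest alone would not give this result, because anyone who alters the message can recompute the digest; the shared key is what makes the check an authentication step.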