
PRF explanation

jarinoo3
Level 1

Hello, 

I use it in IKEv2 (site-to-site VPN). As I understand it, it is an algorithm, but I don't understand it. Can someone explain it to me, or send me a link?

PRF:

For IKEv2, a separate pseudo-random function (PRF) used as the algorithm to derive keying material and hashing operations required for the IKEv2 tunnel encryption. The options are the same as those used for the hash algorithm;

Thank you 

5 Replies

Philip D'Ath
VIP Alumni

Basically it just generates random data so that a random key is generated.

Thanks for the answer, but when it is in this context (should it randomly change the integrity algorithm? If yes, why is there the same SHA algorithm?):

crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 14 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha256 sha
 group 14 5 2
 prf sha
 lifetime seconds 86400

Nobody knows ??? 

Thanks

netizenden
Level 1

The point is that the 'pseudo-random function' (PRF) uses 'xyz' algorithm to generate pseudo-random content for the creation of keying material during a periodic / recurring / required re-keying event or integrity check function.

For reference: Guide to IPsec VPNs (nist.gov)


Teck Sing
Level 1

As I understand it, the PRF is also used in IKEv1 to derive all the symmetric keys, but IKEv1 doesn't support PRF algorithm selection. In IKEv2, we can assign a PRF algorithm.

- Teck Sing
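
How the PRF discussed in this thread turns the nonces and Diffie-Hellman secret into the IKE SA keys, following the SKEYSEED and prf+ construction in RFC 7296 section 2.13 and 2.14. This is an added example, not part of any post above or Cisco's code; it assumes `prf sha` means HMAC-SHA1, generalizes to other hashes through a `hash_name` parameter, and uses constructed sample nonces, SPIs and shared secret.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """Keyed PRF built on HMAC; 'prf sha' is assumed to select HMAC-SHA1."""
    return hmac.new(key, data, hash_name).digest()

def prf_plus(key: bytes, seed: bytes, length: int, hash_name: str = "sha1") -> bytes:
    """prf+ expansion: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ is limited to 255 output blocks")
        block = prf(key, block + seed + bytes([counter]), hash_name)
        out += block
        counter += 1
    return out[:length]

def derive_ike_keys(ni, nr, dh_secret, spi_i, spi_r,
                    enc_len=32, integ_len=20, hash_name="sha1"):
    """Derive the seven IKE SA keys. Defaults match policy 1 above:
    aes-256 (32-byte key), integrity sha (20-byte key), prf sha."""
    # SKEYSEED = prf(Ni | Nr, g^ir): the nonces are the PRF key.
    skeyseed = prf(ni + nr, dh_secret, hash_name)
    prf_len = hashlib.new(hash_name).digest_size
    layout = [("SK_d", prf_len), ("SK_ai", integ_len), ("SK_ar", integ_len),
              ("SK_ei", enc_len), ("SK_er", enc_len),
              ("SK_pi", prf_len), ("SK_pr", prf_len)]
    total = sum(n for _, n in layout)
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, total, hash_name)
    keys, pos = {}, 0
    for name, n in layout:          # slice the key stream in the RFC's order
        keys[name] = stream[pos:pos + n]
        pos += n
    return keys

# Constructed sample values (not taken from a real exchange).
NI = bytes(range(32))
NR = bytes(range(32, 64))
DH_SECRET = b"\x5a" * 256           # group 14 yields a 2048-bit shared secret
SPI_I, SPI_R = b"\x11" * 8, b"\x22" * 8

if __name__ == "__main__":
    for name, key in derive_ike_keys(NI, NR, DH_SECRET, SPI_I, SPI_R).items():
        print(f"{name:5} {len(key):2} bytes  {key.hex()}")
```

The PRF only produces key material (`SK_d`, `SK_ai`, `SK_ei` and so on); the `integrity` algorithm is what later authenticates each packet using `SK_ai`/`SK_ar`. That is why a policy can name the same hash for both `prf` and `integrity` without one replacing the other.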