cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
59201
Views
25
Helpful
7
Replies

PRF explanation

jarinoo3
Level 1
Level 1

Hello, 

I use it in IKEv2(site to site VPN)  as I understand it is algorithm, but I don´t understand it, can someone explain me it, or send me some link.

PRF:

For IKEv2, a separate pseudo-random function (PRF) used as the algorithm to derive keying material and hashing operations required for the IKEv2 tunnel encryption. The options are the same as those used for the hash algorithm;

Thank you 

7 Replies 7

Philip D'Ath
VIP Alumni
VIP Alumni

Basically it just generates random data so that a random key is generated.

Thanks for answer, but when it is in this context (It should randomly change integrity algorithm, if yes but why there are same sha algoritm?) :

crypto isakmp identity address 
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 14 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha256 sha
group 14 5 2
prf sha
lifetime seconds 86400

Nobody knows ??? 

Thanks

netizenden
Level 1
Level 1

The point is that the 'pseudo-random function' (PRF) uses 'xyz' algorithm to generate pseudo-random content for the creation of keying material during a periodic / recurring / required re-keying event or integrity check function.

For reference: (Guide to IPsec VPNs (nist.gov)

 
 

image.png

Teck Sing
Level 1
Level 1

As my understanding, the PRF also is used in IKEv1 to derive all the symmetric keys but IKEv1 doesn't support PRF algorithm selection. In IKEv2, we can assign a PRF algorithm. 

- Teck Sing

johnlloyd_13
Level 9
Level 9

hi,

just would like to clarify if PRF is the same or function as PFS?

nikitaenergycpu
Level 1
Level 1