Integrity and Encryption Algorithms

Applies To: Windows Server 2008



Encapsulating Security Payload (ESP) provides confidentiality (in addition to authentication, integrity, and anti-replay) for the IP payload. ESP in Transport Mode does not sign the entire packet. Only the IP payload, not the IP header, is protected. ESP can be used alone or in combination with Authentication Header (AH). With ESP, the hash calculation only includes the ESP header, trailer, and payload. ESP provides data confidentiality services by encrypting the ESP payload with the Data Encryption Standard (DES) or triple DES (3DES) encryption algorithms. Packet replay services are provided through the inclusion of a sequence number for each packet.

ESP and AH

This option combines the security of the ESP protocol with the AH protocol. AH provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet).


The AH protocol is not compatible with network address translation (NAT) because NAT devices need to change information in the packet headers. To allow IPsec-based traffic to pass through a NAT device, you must ensure that IPsec NAT-T is supported on your IPsec peer computers.

Encryption Algorithm

AES-256, AES-192, and AES-128

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information in data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.


These algorithms are supported only by computers running this version of Windows. If you are encrypting communications with an earlier version of Windows or a computer with an operating system that does not support these algorithms, you must use the 3DES (recommended) or DES algorithm.


IPsec policies allow the choice of a strong encryption algorithm, 3DES, which provides stronger encryption than DES for higher security. 3DES is a block cipher that uses a three-step encryption process that is much more secure than DES. A block cipher is an encryption algorithm that operates on a fixed size block of data.


DES is a block cipher that uses a 56-bit key. A block cipher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64-bit key. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.

Cipher block chaining (CBC) is also used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks.


This algorithm is no longer considered secure and should only be used for testing purposes or in cases where the remote computer cannot use a more secure algorithm.

Integrity Algorithm


Secure Hash Algorithm 1 (SHA1) was developed by the National Institute of Standards and Technology, as described in Federal Information Processing Standard (FIPS) PUB 180-1. The SHA process is closely modeled after MD5. The SHA1 computation results in a 160-bit hash that is used for the integrity check. Because longer hash lengths provide greater security, SHA is stronger than MD5.


Message Digest 5 (MD5) is based on RFC 1321. It was developed in response to a weakness found in MD4. MD5 completes four passes over the data blocks (MD4 completes three passes), using a different numeric constant for each word in the message on each pass. The number of 32-bit constants used during the MD5 computation equates to 64, ultimately producing a 128-bit hash that is used for the integrity check. While MD5 is more resource-intensive, it provides stronger integrity than MD4.


The MD5 algorithm is no longer considered secure because the key can be computationally derived.

Key regeneration

Lifetime settings determine when a new key is generated. Lifetimes allow you to force the generation of a new key (regeneration) after a specified interval or after a specified amount of data has been transmitted. For example, if the communication takes 100 minutes and you specify a key lifetime of 10 minutes, 10 keys will be generated (one every 10 minutes) during the exchange. Using multiple keys ensures that if an attacker manages to gain the key to one part of a communication, the entire communication is not compromised.


This key regeneration is for data protection (encryption) and these settings do not affect the key lifetime settings for key exchange. To change these settings, on the IPsec Settings dialog box, under Key Exchange, use the Custom option.

Key lifetime (in minutes)

You can use this setting to configure how long the key used to perform data integrity lasts, in minutes. After this interval, the key will be regenerated. Subsequent communications will use the new key.

The maximum lifetime is 2,879 minutes (48 hours). The minimum lifetime is 5 minutes.

Key lifetime (in KB)

You can use this setting to configure how many kilobytes (KB) of data are sent using the key. After this threshold is reached, the counter is reset, and the key is regenerated. Subsequent communications will use the new key.

The maximum lifetime is 2,147,483,647 KB. The minimum lifetime is 20,480 KB.

Additional references

Integrity Algorithms

Advanced Integrity and Encryption

Advanced Key Exchange Settings