Data integrity is a critical function within a VPN. VPN data is transported
over the public Internet. This data could potentially be intercepted and
modified. To guard against this, each message has a hash attached to it. A hash
is a method of verifying that the contents of a transmission are the same at
both ends of the path, similar to a checksum. A hash value is created by a hash
function that takes variable-length input, such as a packet, and returns a
fixed-size string. The hash guarantees the integrity of the original message.
If the hash sent with the message matches the hash the receiver computes over
the received message, the message has not been tampered with. If the two do not
match, the message was altered in transit. Two common hashing algorithms are
Message Digest (MD) and Secure Hash Algorithm (SHA). There are several versions
of each algorithm.
In the example in Figure, someone is trying to send Terry Smith a check for
$10. At the remote end, Alex Jones is trying to cash the check for $100. As the
check passed through the Internet, it was altered: both the recipient and the
dollar amount were changed. In this case, the hashes did not match, and the
transaction is no longer valid.
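The check example replayed in code, as an added illustration that is not part of the original text. VPN protocols such as IPsec attach a keyed hash (an HMAC) rather than a bare hash, because an attacker who can alter the message could otherwise simply recompute the hash; the example uses HMAC-SHA256 with a constructed placeholder key standing in for the key the VPN peers negotiate, and shows the altered check failing the keyed check while a bare hash would accept it.

```python
import hashlib
import hmac

# Constructed placeholder: in a real VPN this key comes from the key
# exchange between the two peers (e.g. IKE for IPsec).
SHARED_KEY = b"placeholder-shared-key-from-key-exchange"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute HMAC-SHA256 over the message and attach it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def bare_hash(message: bytes) -> bytes:
    """Unkeyed SHA-256 digest, shown only to contrast with the HMAC."""
    return hashlib.sha256(message).digest()


def verify_bare(message: bytes, digest: bytes) -> bool:
    """Receiver check when only an unkeyed hash travels with the message."""
    return hmac.compare_digest(bare_hash(message), digest)


def demo() -> dict:
    """Replays the figure: original passes, the altered check fails."""
    original = b"Pay to the order of Terry Smith: $10"
    altered = b"Pay to the order of Alex Jones: $100"
    tag = make_tag(SHARED_KEY, original)  # travels with the message
    return {
        # Keyed hash: the receiver detects the modification.
        "original_ok": verify_tag(SHARED_KEY, original, tag),
        "altered_ok": verify_tag(SHARED_KEY, altered, tag),
        # Bare hash: whoever changes the message can recompute the digest
        # without any secret, so the receiver cannot tell it was altered.
        "altered_bare_accepted": verify_bare(altered, bare_hash(altered)),
    }


if __name__ == "__main__":
    print(demo())
```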