When we consider VPNs, often our first idea is that of encryption of the user information. Be that as it may, adversaries or that intent on reading the information could However an attacker could record a conversation and afterward replay the replies between two members. What we need to do is to be able to ensure the source of the information is genuine, and that is where digital signatures and certificates come in.  To develop a Digital Signature, open key encryption systems must be in place. The development of the Digital Signature entails applying a hash capacity to the message by concatenation of the message with a known secret key and afterward applying a mathematical capacity which will produce a fixed length yield known as the digest. The digest is then encrypted with the open decryption key which produces a signature that can be appended to the message to verify that the message is from the genuine source.

The receiver recalculates the hash work and compared with the signature after applying the open key. On the off chance that the two match, then because just the originator could have realized the hash work and the private key, the message must be genuine.  Message Digest calculations use Hash capacities to delineate potential contributions to each of a large number of yields. What is ordinarily produced is a fixed length field, commonly a few hundred bits long. A secret key is shared between sender and receiver and by concatenating this with a message for transfer, the digest is produced.

MD5 (Message Digest 5) is presumably the most widely recognized hash work used, and it produces a 128 piece digest which is often appended to the header before the packet is transmitted. Any change in the message will cause the digest to change gia han chu ky so fpt, and even the source and destination IP addresses can be used together with the message contents when creating the digest, which validates the addresses.  Another mainstream hashing calculation is SHA (Secure Hash Algorithm) that produces a 160 piece digest ensuring greater security than MD5.  It does not matter to what extent the digest is, an identical digest will consistently result for an identical packet. In any case, anyone wishing to assault the system could screen exchanges and determine which packets sent in whatever order would result in some known result. This result could therefore be reproduced by replay of the messages. This is known as an impact assault.