Diffe-Hellman implemnetation on Cisco

EdTheLadEdTheLad Posts: 2,112Member ■■■■□□□□□□
I've been studying IPSec, IKE phase 1 main mode in particular. Messages 3 and 4 exchange the DH public keys.
Then i started to wonder what about the generator and prime exchange, when does that happen? Messages 1 and 2
send the DH Group which indicates the size of the generator and prime but not the values chosen.
I've read how both these values are very important how then relate to each other and that there are some pairs which work
extremely well together.
Now my thinking is that the Cisco implementation uses the same values for p and g all the time per DH group and that no actual exchange occurs, would that assumption be correct?
These values are public values, just wondering if they were fixed would it make the algorithm less secure ?
Anyway please share your thoughts on this.
Networking, sometimes i love it, mostly i hate it.Its all about the $$$$

Comments

Sign In or Register to comment.