Diffie-Hellman implementation on Cisco
EdTheLad
Member Posts: 2,111
I've been studying IPSec, IKE phase 1 main mode in particular. Messages 3 and 4 exchange the DH public keys.
Then I started to wonder about the generator and prime exchange: when does that happen? Messages 1 and 2
send the DH group, which indicates the size of the generator and prime but not the values chosen.
I've read how both these values are very important, how they relate to each other, and that there are some pairs which work
extremely well together.
Now my thinking is that the Cisco implementation uses the same values for p and g all the time per DH group and that no actual exchange occurs. Would that assumption be correct?
These values are public values; I'm just wondering, if they were fixed, would it make the algorithm less secure?
Anyway, please share your thoughts on this.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
Comments
EdTheLad
Member Posts: 2,111
For anyone interested, the DH groups define the generator and prime: RFC 3526.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
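
An added illustration of the point reached in this thread (not part of the original posts and not Cisco's code): this Python sketch builds the 2048-bit MODP group (group 14) prime from the formula given in RFC 3526, uses the RFC's generator 2, and runs an exchange in which only the two public values cross the wire, as in main mode messages 3 and 4. The function names and the use of Machin's formula to compute pi are assumptions made for the example.

```python
import secrets

def pi_floor(bits):
    """floor(pi * 2**bits) via Machin's formula in fixed-point integer arithmetic."""
    guard = 64                      # extra bits absorb truncation error
    one = 1 << (bits + guard)

    def arctan_inv(x):              # arctan(1/x), scaled by `one`
        term = one // x
        total, n, sign = term, 1, 1
        while term:
            term //= x * x
            n, sign = n + 2, -sign
            total += sign * (term // n)
        return total

    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def modp_prime(bits, offset):
    """RFC 3526 form: 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + ((pi_floor(bits - 130) + offset) << 64)

# Group 14 (2048-bit MODP): constants from RFC 3526, identical on every peer.
GROUP14_P = modp_prime(2048, 124476)
GROUP14_G = 2

def keypair(p=GROUP14_P, g=GROUP14_G):
    """Fresh private exponent and the public value g^x mod p that goes on the wire."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p - 2
    return x, pow(g, x, p)

def shared_secret(private, peer_public, p=GROUP14_P):
    """Validate the peer's public value, then compute g^(xy) mod p."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside (1, p-1)")
    return pow(peer_public, private, p)

def exchange():
    """Hypothetical initiator/responder run: only the two public values are exchanged."""
    i_priv, i_pub = keypair()                 # initiator -> responder: i_pub
    r_priv, r_pub = keypair()                 # responder -> initiator: r_pub
    return shared_secret(i_priv, r_pub), shared_secret(r_priv, i_pub)

if __name__ == "__main__":
    print("p starts", hex(GROUP14_P)[2:34], "bits", GROUP14_P.bit_length())
    a, b = exchange()
    print("secrets match:", a == b)
```

Neither side ever transmits p or g: the group number negotiated in messages 1 and 2 is enough for each peer to select the same constants locally.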