Diffie-Hellman implementation on Cisco
EdTheLad
I've been studying IPSec, IKE phase 1 main mode in particular. Messages 3 and 4 exchange the DH public keys.
Then I started to wonder what about the generator and prime exchange, when does that happen? Messages 1 and 2 send the DH Group, which indicates the size of the generator and prime but not the values chosen.
I've read how both these values are very important, how they relate to each other, and that there are some pairs which work extremely well together.
Now my thinking is that the Cisco implementation uses the same values for p and g all the time per DH group and that no actual exchange occurs. Would that assumption be correct?
These values are public values; just wondering, if they were fixed, would it make the algorithm less secure?
Anyway, please share your thoughts on this.
Comments
EdTheLad
For anyone interested, the DH groups define the generator and prime: RFC 3526.
SecurityThroughObscurity
Interesting, thanks for the info.
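An added illustration of the point reached in the thread (not part of any post, and not Cisco's code): each peer rebuilds the group's prime locally from the negotiated group number using the formula RFC 3526 gives, with generator 2, so only the public values cross the wire. The names `modp_prime`, `Peer` and `main_mode_exchange` are hypothetical, and only groups 5 and 14 are covered.

```python
import secrets

# Group number -> (prime size in bits, constant from the RFC 3526 formula).
MODP_GROUPS = {5: (1536, 741804), 14: (2048, 124476)}
GENERATOR = 2  # RFC 3526 fixes the generator at 2 for these groups

def _arctan_inv(x, scale):
    """Fixed-point arctan(1/x) * scale, summed from the Taylor series."""
    total = term = scale // x
    n, sign = 1, -1
    while term:
        term //= x * x
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total

def _pi_floor(bits):
    """Return floor(2**bits * pi) via Machin's formula, with guard bits."""
    guard = 64
    scale = 1 << (bits + guard)
    pi_scaled = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)
    return pi_scaled >> guard

def modp_prime(group):
    """Prime = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c)."""
    n, c = MODP_GROUPS[group]
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (_pi_floor(n - 130) + c)

class Peer:
    """One IKE peer; it is told only the negotiated group number."""
    def __init__(self, group):
        self.p = modp_prime(group)                     # derived locally, never sent
        self._x = secrets.randbelow(self.p - 3) + 2    # private exponent
        self.public = pow(GENERATOR, self._x, self.p)  # sent in message 3 or 4

    def shared_secret(self, peer_public):
        if not 1 < peer_public < self.p - 1:           # reject 0, 1 and p-1
            raise ValueError("invalid DH public value")
        return pow(peer_public, self._x, self.p)

def main_mode_exchange(group):
    """Messages 1-2 agree on `group`; messages 3-4 carry only public values."""
    initiator, responder = Peer(group), Peer(group)
    return (initiator.shared_secret(responder.public),
            responder.shared_secret(initiator.public))
```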