GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: Re: Diffie-Hellman key creation - ISAKMP [7:80467]
From: "Zsombor Papp" <nobody@xxxxxxxxxxxxxx>
Date: Mon, 8 Dec 2003 20:53:57 GMT

Alok Dube wrote:
> 
> ...and i always wondered what the *cipher_suite* actually
> meant..... any ideas?

The set of (hash, encryption, authentication) protocols used for the secure
communication.

For the question below, I think these numbers are defined as part of the
group, as you say, and the routers negotiate the number of the group at the
beginning of the IKE exchange. I also seem to remember that IKE allows the
usage of non-standard values, in which case the generator and prime numbers
would be specifically negotiated at the beginning. I don't think IOS
implements this though.

I haven't dealt with these for a long time so take this with a grain of salt.

Thanks,

Zsombor

> 
> ----- Original Message -----
> From: "calista -" 
> To: 
> Sent: Monday, December 08, 2003 10:52 AM
> Subject: Diffie-Hellman key creation - ISAKMP [7:80467]
> 
> 
> > I have been working through the process of Diffie-Hellman key
> creation on
> > cisco routers and am confused on where some of the integers
> for the
> initial
> > "public key" come from: Xa=g^a modulo p where "Xa" is the
> public key
> > generated, "g" is the generator, "a" is a private
> key/number(?) and "p" is
> a
> > large prime number. The confusion comes is this form:
> > some texts say that g & p are exchanged between the routers
> prior to
> > creating public key, others say they are well known numbers.
> Looking at
> the
> > packet exchange of IKE messages from Saadat Malik's book
> shows there is no
> > part of any packet that contains these values at all.
> >
> > Thus my confusion.
> >
> > My only in roads into this question has been looking at the
> Oakley RFC
> 2412,
> > where it stipulates that for Group 1(768 bits) or 2(1024
> bits) the values
> > "g" & "p" are detailed specifically. So, where in fact does
> the router get
> > these integers from? Are they exchanged in IKE setup (if so,
> at what
> point)
> > or are they the integers specified in the Oakley RFC? or if
> none of these
> > where/what/how/why? To add more to this fire, is "a" just
> randomly
> created?
> > If not, where does it come from.
> >
> > Thanks for any help.
> > **Please support GroupStudy by purchasing from the GroupStudy
> Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=80493&t=80467
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Prev by Date: Re: DE packets? [7:80421]
Next by Date: RE: SPAN on 4006 [7:80488]
Previous by thread: Re: Diffie-Hellman key creation - ISAKMP [7:80467]
Next by thread: Re: Diffie-Hellman key creation - ISAKMP [7:80467]
Index(es):
- Date
- Thread