Diffie-Hellman and Pre-Shared Keys - VPN Assistance

 
 
Darren Green
      10-20-2004
All,

I'm going crazy here trying to get my head around all the various concepts.
After days of reading and researching I am still not quite there. Perhaps
someone would be kind enough to comment.

My goal is to attempt to understand the Diffie-Hellman process. In simple
terms (if that's possible) I believe that the following happens when 2 x
peers are negotiating a shared secret key.

1) 2 x peers generate a random number and send these to each other via an
insecure channel
2) The above numbers are then combined to generate a primitive number (i.e. a
third number)
3) Each peer generates a Private Key
4) Each user generates a public key by combining (3) and (1+2)
5) The public keys are exchanged
6) Each peer then generates a shared secret number by combining (*4 + 3) *NB
Their peer's public key
7) A shared secret key is then derived from the shared secret number

As a side note and to clarify my understanding further: the shared secret
key in (7) is nothing to do with the shared secret key for the IPSEC SA
which is set up in IKE Phase 2. The purpose of the latter being to encrypt
the data being sent following completion of the phase 2 SA.

This would mean that each peer has: IKE: A private + public Key - IPSEC: A
shared secret key

Regards
--
Darren Green

Darren Green
      10-20-2004
That should have read: 'The purpose of the latter being to authenticate the
peers' and not 'encrypt the data'. Additionally, I believe that the
pre-shared key is used in IKE phase 1 not 2.

Regards

Darren

> As a side note and to clarify my understanding further: the shared secret
> key in (7) is nothing to do with the shared secret key for the IPSEC SA
> which is set up in IKE Phase 2. The purpose of the latter being to encrypt
> the data being sent following completion of the phase 2 SA.
>
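
An added worked example, not part of the original thread: it runs both peers' sides of a Diffie-Hellman exchange and then the IKEv1 pre-shared-key derivation from RFC 2409 (SKEYID = prf(pre-shared-key, Ni | Nr), then SKEYID_d, SKEYID_a, SKEYID_e). The toy prime and generator, HMAC-SHA1 as the prf, the random nonces and cookies, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: 2**127 - 1 is prime but far too small for real use.
# IKE peers use a standardized MODP group agreed in the phase 1 proposal.
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf, assumed here to be HMAC-SHA1 (negotiated in practice)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    """Private exponent x stays local; public value g^x mod p goes on the wire."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_shared(own_private: int, peer_public: int) -> bytes:
    """g^xy mod p, computed from own private value and the peer's public value."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, P).to_bytes(16, "big")

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 pre-shared-key derivation: SKEYID, then SKEYID_d/_a/_e."""
    skeyid = prf(psk, ni + nr)
    ck = g_xy + cky_i + cky_r
    d = prf(skeyid, ck + b"\x00")
    a = prf(skeyid, d + ck + b"\x01")
    e = prf(skeyid, a + ck + b"\x02")
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def run_exchange(psk_i: bytes, psk_r: bytes):
    """Both sides of a phase 1 exchange with constructed nonces and cookies."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    xi, pub_i = dh_keypair()
    xr, pub_r = dh_keypair()
    keys_i = phase1_keys(psk_i, ni, nr, dh_shared(xi, pub_r), cky_i, cky_r)
    keys_r = phase1_keys(psk_r, ni, nr, dh_shared(xr, pub_i), cky_i, cky_r)
    return keys_i, keys_r
```

With the same pre-shared key both peers arrive at identical SKEYID_d, SKEYID_a and SKEYID_e; with different pre-shared keys the derived keys differ even though the Diffie-Hellman exchange itself completed.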