Diffie-Hellman and Pre-Shared Keys - VPN Assistance

Discussion in 'Cisco' started by Darren Green, Oct 20, 2004.

  1. Darren Green

    Darren Green Guest

    All,

    I'm going crazy here trying to get my head around all the various concepts.
    After days of reading and researching I am still not quite there. Perhaps
    someone would be kind enough to comment.

    My goal is to attempt to understand the Diffie-Hellman process. In simple
    terms (if that's possible) I believe that the following happens when 2 x
    peers are negotiating a shared secret key.

    1) 2 x peers generate a random number and send these to each other via an
    insecure channel
    2) The above numbers are then combined to generate a primitive number (i.e. a
    third number)
    3) Each peer generates a Private Key
    4) Each user generates a public key by combining (3) and (1+2)
    5) The public keys are exchanged
    6) Each peer then generates a shared secret number by combining (4 + 3) (NB:
    their peer's public key)
    7) A shared secret key is then derived from the shared secret number

    As a side note and to clarify my understanding further: the shared secret
    key in (7) is nothing to do with the shared secret key for the IPSEC SA
    which is set up in IKE Phase 2. The purpose of the latter being to encrypt
    the data being sent following completion of the phase 2 SA.

    This would mean that each peer has: IKE: A private + public Key - IPSEC: A
    shared secret key

    Regards
    --
    Darren Green
    Darren Green, Oct 20, 2004
    #1
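A worked sketch of the exchange the post is asking about, added here as an example and not part of the thread: the peers agree on public parameters (p, g), each keeps a private exponent, each sends g^x mod p over the insecure channel, and both arrive at the same g^xy mod p. The key-derivation step keys a PRF with the pre-shared key over the two nonces and then mixes in the DH result, loosely following IKEv1's pre-shared-key mode (RFC 2409); the tiny group, the nonces and the PSK are constructed for illustration, and a real IKE exchange uses a standardised MODP group of 1024 bits or more.

```python
import hashlib
import hmac
import secrets

# Toy public parameters, constructed for illustration only. 23 is prime and
# 5 is a generator of the multiplicative group mod 23.
P = 23
G = 5


class DhPeer:
    """One side of a Diffie-Hellman exchange over the group (P, G)."""

    def __init__(self, private=None, p=P, g=G):
        self.p, self.g = p, g
        # The private value is chosen locally and never sent anywhere.
        self.private = private if private is not None else secrets.randbelow(p - 2) + 1
        # The public value g^private mod p is what crosses the wire.
        self.public = pow(g, self.private, p)

    def shared_secret(self, peer_public):
        # (peer_public)^private = g^(xy) mod p, identical on both sides.
        return pow(peer_public, self.private, self.p)


def derive_key(shared_secret, psk, nonce_i, nonce_r):
    """Simplified IKEv1 PSK-mode derivation: SKEYID = prf(psk, Ni | Nr),
    then the DH secret g^xy is mixed in to produce keying material."""
    skeyid = hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()
    gxy = shared_secret.to_bytes(max(1, (shared_secret.bit_length() + 7) // 8), "big")
    return hmac.new(skeyid, gxy, hashlib.sha256).hexdigest()


def run_exchange(psk=b"constructed-psk", priv_i=None, priv_r=None):
    """Run both sides and return (public_i, public_r, secret_i, secret_r, key_i, key_r).

    An observer of the channel sees only P, G and the two public values."""
    initiator, responder = DhPeer(priv_i), DhPeer(priv_r)
    secret_i = initiator.shared_secret(responder.public)
    secret_r = responder.shared_secret(initiator.public)
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    key_i = derive_key(secret_i, psk, nonce_i, nonce_r)
    key_r = derive_key(secret_r, psk, nonce_i, nonce_r)
    return initiator.public, responder.public, secret_i, secret_r, key_i, key_r


if __name__ == "__main__":
    pub_i, pub_r, s_i, s_r, k_i, k_r = run_exchange(priv_i=6, priv_r=15)
    print(f"on the wire: {pub_i}, {pub_r}; shared secret: {s_i}; keys match: {k_i == k_r}")
```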

  2. Darren Green

    Darren Green Guest

    That should have read: 'The purpose of the latter being to authenticate the
    peers' and not encrypt the data'. Additionally, I believe that the
    pre-shared key is used in IKE phase 1 not 2.

    Regards

    Darren

    > As a side note and to clarify my understanding further: the shared secret
    > key in (7) is nothing to do with the shared secret key for the IPSEC SA
    > which is set up in IKE Phase 2. The purpose of the latter being to encrypt
    > the data being sent following completion of the phase 2 SA.
    >
    Darren Green, Oct 20, 2004
    #2
