RE: A little OT: Diffie Hellman Exchange and Encryption on Cisco Routers

Let me answer your last question first, for impatient readers:

Yes, you're thinking about this too much. ;)

The rest is in line.

> -----Original Message-----

The first thing you should do is refresh yourself on how DH works - it's mathematically quite simple to understand, and extremely cute (um...if you like that kind of thing)

The basic principle is this - You have Bob and Alice, who want to have a shared secret - they will later use this secret to do, well, secret things like key crypto algorithms. DH is a way that they can share a secret over the insecure network by exchanging public information (as long as they know each other's identity is not being faked - DH hates MitM attacks, which is why it should be signed).

In maths terms, we take two public values - a generator (the number 2, for our purposes here) and a Big Prime - maybe, say, 3. Note: do not use three in real life ;). This Big Prime is the number that has gotten you all excited, by the way.

Next is the tricky bit. Alice and Bob both make up a large number, which they never tell anyone, and don't ever use again. I'll call them xA and xB. They both compute g ^ x mod P for their own respective x values. Example: 2 ^ 12 (Bob's secret value) mod 3 is 1. These are now what's called their DH PUBLIC values, and can be safely swapped. Next, Alice does (2^xA)^xB (all mod p of course) == 2^xA.xB mod p. Bob does the same in reverse and gets 2^xB.xA mod p, and they're both the same number because...well because.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

An attacker who intercepts these values can't work out the final product unless they can invert one of the modulus values that went across the wire, which is mathematically Hard (discrete log problem).

> Could somebody clarify if these large prime values differ

No, they won't, mainly because they're mandated in one of the IPSec RFCs (2409, cf). One of the things you need to do to make DH work is agree on a prime. It doesn't matter if that prime is public, so they decided to write down a couple of Strong Primes to save DH implementations the trouble and risk of exchanging them as part of the process.

[lots of other questions skipped, should be obvious now]

> Thanks for your thoughts

Hope this clears things up, and back to the lurk bin with me...

ben