A little OT: Diffie Hellman Exchange and Encryption on Cisco Routers

From: Jeremy Junginger (jjat_private)
Date: Fri Aug 01 2003 - 11:08:29 PDT

    In reading about Diffie Hellman Exchanges and Symmetric Encryption between
    Cisco Routers, and studying Cisco IOS architecture white papers, I noticed
    that the two large prime numbers used on Cisco Routers for the Diffie-Hellman
    Key Exchange(s) (which generates keying material for symmetric encryption
    algorithms such as DES and 3DES) are hard-coded on the devices.  That got me
    a little excited.  But I'm not sure if this is possible mathematically, as
    the modulus function truncates the original value prior to exchanging it over
    the wire.
    
    Could somebody clarify if these large prime values differ from router to
    router?  Also, if it turns out that they are, in fact, hard-coded (and
    accessible) wouldn't that give you access to the same mechanism (DH) that
    generates the keying material for the encryption engine, and thereby decode
    transmissions between devices using your locally generated key?  Does the
    modulus function eliminate this type of attack?  And with SA lifetimes being
    86,400 seconds, that gives you 24 hours to crack sessions.  Maybe I'm
    thinking about this too much?
    
    Thanks for your thoughts
    
    Jeremy
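
As an added illustration that is not part of the original post: the exchange below runs Diffie-Hellman over a constructed toy group (p = 23, g = 5) to show that fixed, public p and g are by design, that every session still derives a different key because each side picks a fresh random private exponent, and that an observer holding only p, g and the two public values must solve a discrete logarithm to get the key. The exhaustive search at the end works only because the toy group has 22 elements; it does not scale to the group sizes IKE actually uses.

```python
import secrets

# Constructed toy group: p = 23, g = 5 (5 is a generator mod 23).
# Real IKE groups use 768-bit and larger primes; these values are tiny
# only so the arithmetic can be followed by hand.
TOY_P, TOY_G = 23, 5


def dh_keypair(p, g):
    """Pick a fresh random private exponent a and derive the public value g^a mod p."""
    a = secrets.randbelow(p - 2) + 1   # private exponent, uniform in [1, p-2]
    return a, pow(g, a, p)             # (private, public)


def dh_shared(peer_public, private, p):
    """Both ends compute the same value: (g^b)^a mod p == (g^a)^b mod p."""
    return pow(peer_public, private, p)


def session(p, g):
    """One complete exchange over fixed public parameters.

    Returns what an eavesdropper on the wire sees (p, g, A, B) and the
    secret both ends derived; the private exponents never leave the peers.
    """
    a, A = dh_keypair(p, g)
    b, B = dh_keypair(p, g)
    k_initiator = dh_shared(B, a, p)
    k_responder = dh_shared(A, b, p)
    assert k_initiator == k_responder
    return {"p": p, "g": g, "A": A, "B": B}, k_initiator


def toy_discrete_log(p, g, public):
    """Exhaustive search for x with g^x mod p == public.

    This is the work an observer who knows only the public parameters and
    one public value faces. It finishes here because p - 1 = 22; for a
    1024-bit modulus the same loop would never terminate in practice.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    wire, key = session(TOY_P, TOY_G)
    print("on the wire:", wire, "derived key (never sent):", key)
    keys = {session(TOY_P, TOY_G)[1] for _ in range(10)}
    print("distinct keys from 10 sessions on the same p, g:", len(keys))
```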
    

    This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 11:59:20 PDT