Let me answer your last question first, for impatient readers: Yes, you're thinking about this too much. ;) The rest is in line. > -----Original Message----- > From: Jeremy Junginger [mailto:jjat_private] > Sent: Friday, August 01, 2003 8:08 PM > To: pen-test > > In reading about Diffie Hellman Exchanges and Symmetric > Encryption between > Cisco Routers, and studying Cisco IOS architecture white > papers, I noticed > that the two large prime numbers used on Cisco Routers for > the Diffie-Hellman > Key Exchange(s) (which generates keying material for > symmetric encryption > algorithms such as DES and 3DES) are hard-coded on the > devices. That got me > a little excited. But I'm not sure if this is possible > mathematically, as > the modulus function truncates the original value prior to > exchanging it over > the wire. The first thing you should do is refresh yourself on how DH works - it's mathematically quite simple to understand, and extremely cute (um...if you like that kind of thing) The basic principle is this - You have Bob and Alice, who want to have a shared secret - they will later use this secret to do, well, secret things like key crypto algorithms. DH is a way that they can share a secret over the insecure network by exchanging public information (as long as they know each other's identity is not being faked - DH hates MitM attacks, which is why it should be signed). In maths terms, we take two public values - a generator (the number 2, for our purposes here) and a Big Prime - maybe, say, 3. Note: do not use three in real life ;). This Big Prime is the number that has gotten you all excited, by the way. Next is the tricky bit. Alice and Bob both make up a large number, which they never tell anyone, and don't ever use again. I'll call them xA and xB. They both compute g ^ x mod P for their own respective x values. Example: 2 ^ 12 (Bob's secret value) mod 3 is 1. These are now what's called their DH PUBLIC values, and can be safely swapped. Next, Alice does (2^xA)^xB (all mod p of course) == 2^xA.xB mod p. Bob does the same in reverse and gets 2^xB.xA mod p, and they're both the same number because...well because. An attacker who intercepts these values can't work out the final product unless they can invert one of the modulus values that went across the wire, which is mathematically Hard (discrete log problem). > Could somebody clarify if these large prime values differ > from router to > router? No, they won't, mainly because they're mandated in one of the IPSec RFCs (2409, cf). One of the things you need to do to make DH work is agree on a prime. It doesn't matter if that prime is public, so they decided to write down a couple of Strong Primes to save DH implementations the trouble and risk of exchanging them as part of the process. [lots of other questions skipped, should be obvious now] > Thanks for your thoughts > > Jeremy Hope this clears things up, and back to the lurk bin with me... ben --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 05 2003 - 09:36:35 PDT