Diffie-Hellman

Keyman009
Level 1

I am watching a CBT Nugget that is explaining DH key exchange and it's leaving me confused.

I thought that each end uses their own private key with the other end's public key to compute the "shared secret" key and therefore does not need to then encrypt the "shared secret" and send it across the wire.

The video I have clearly shows the shared secret being created as I explained above, but then explains that the "shared secret" key is encrypted and sent to the other end.

Can anyone help me with this problem?

1 Reply

JamesLuther
Level 3

Hi,

A lot of IKE/DH training material tries to simplify the process. To explain everything that goes on can get quite complex. You can try looking at RFC 2409 to get the full picture.

The material may be referring to the exchange of nonces. After the DH is set up the two ends exchange nonces, which are then combined together with some other values (such as PSK or certificate) and put through a hashing mechanism to create some new keys which are then used for phase 2.

Regards
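A small simulation of what the two posts describe, added here as an illustration (not code from the thread or from Cisco): both ends compute g^xy locally and only public values and nonces cross the wire, then the phase-2 keying material is derived with the pre-shared-key formulas of RFC 2409 section 5.4. The prime, base, PSK, nonces and cookies are constructed toy values, and HMAC-SHA1 stands in for the negotiated prf.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters so the numbers stay readable; this is NOT an IKE
# group. Real IKE uses the MODP groups of RFC 2409 / RFC 3526 (1024 bits and up).
P = 2**61 - 1   # a Mersenne prime
G = 3

def dh_keypair(priv=None):
    """Return (private, public). The private exponent never leaves this host."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared_secret(my_priv, peer_pub):
    """g^xy mod p, computed locally from my private key and the peer's public value."""
    return pow(peer_pub, my_priv, P)

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()   # HMAC-SHA1 as the IKE prf

def derive_skeyid(psk: bytes, ni: bytes, nr: bytes, gxy: int, cky_i: bytes, cky_r: bytes):
    """Pre-shared-key derivation from RFC 2409 section 5.4: SKEYID and SKEYID_d."""
    skeyid = prf(psk, ni + nr)                      # SKEYID = prf(psk, Ni_b | Nr_b)
    gxy_b = gxy.to_bytes((P.bit_length() + 7) // 8, "big")
    skeyid_d = prf(skeyid, gxy_b + cky_i + cky_r + b"\x00")   # keying material for phase 2
    return skeyid, skeyid_d

def run_exchange(priv_i, priv_r, psk, ni, nr, cky_i, cky_r):
    """Simulate both ends; return what crossed the wire and what each side derived."""
    priv_i, pub_i = dh_keypair(priv_i)
    priv_r, pub_r = dh_keypair(priv_r)
    on_the_wire = [pub_i, pub_r, ni, nr, cky_i, cky_r]   # public values, nonces, cookies only
    gxy_i = dh_shared_secret(priv_i, pub_r)              # initiator: (g^y)^x
    gxy_r = dh_shared_secret(priv_r, pub_i)              # responder: (g^x)^y
    keys_i = derive_skeyid(psk, ni, nr, gxy_i, cky_i, cky_r)
    keys_r = derive_skeyid(psk, ni, nr, gxy_r, cky_i, cky_r)
    return on_the_wire, gxy_i, gxy_r, keys_i, keys_r

if __name__ == "__main__":
    wire, gxy_i, gxy_r, ki, kr = run_exchange(
        None, None, b"constructed-psk", secrets.token_bytes(16), secrets.token_bytes(16),
        secrets.token_bytes(8), secrets.token_bytes(8))
    print("shared secret matches:", gxy_i == gxy_r, "| on the wire:", gxy_i in wire)
    print("phase-2 keys match:", ki == kr)
```

The shared secret itself is never transmitted; what the peers exchange after DH is the nonces, and those feed the key derivation together with the PSK.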
