Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
1
Replies

Encryption algorithms such as DES /3DES

mdelgado77@hotmail.com
Level 1
Level 1

‎08-01-2003 11:33 AM - edited ‎03-09-2019 04:17 AM

In reading about Diffie Hellman Exchanges and Symmetric Encryption between Cisco Routers, and studying Cisco IOS architecture white papers, I noticed that the two large prime numbers used on Cisco Routers for the Diffie-Hellman Key Exchange(s) (which generates keying material for symmetric encryption algorithms such as DES and 3DES) are hard-coded on the devices. That got me a little excited. But I'm not sure if this is possible mathematically, as the modulus function truncates the original value prior to exchanging it over the wire.

Could somebody clarify if these large prime values differ from router to router?

Also, if it turns out that they are, in fact hard coded (and accessible) wouldn't that give you access to the same mechanism (DH) that generates the keying material for the encryption engine, and thereby decode transmissions between devices using your locally generated key?

Does the modulus function eliminate this type of attack? And with SA lifetimes being 86,400 seconds, that gives you 24 hours to crack sessions.

Maybe I'm thinking about this too much.

Thanks for your thoughts

Labels:
0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎08-06-2003 03:26 AM

Hi,

The prime number at each site has to be the same since the actual DH key is generate using this formule:

g^(XbXa) mod (p) = K

where Xa is the private key of site A and Xb the private key of site B

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents