In reading about Diffie Hellman Exchanges and Symmetric Encryption between Cisco Routers, and studying Cisco IOS architecture white papers, I noticed that the two large prime numbers used on Cisco Routers for the Diffie-Hellman Key Exchange(s) (which generates keying material for symmetric encryption algorithms such as DES and 3DES) are hard-coded on the devices. That got me a little excited. But I'm not sure if this is possible mathematically, as the modulus function truncates the original value prior to exchanging it over the wire.
Could somebody clarify if these large prime values differ from router to router?
Also, if it turns out that they are, in fact hard coded (and accessible) wouldn't that give you access to the same mechanism (DH) that generates the keying material for the encryption engine, and thereby decode transmissions between devices using your locally generated key?
Does the modulus function eliminate this type of attack? And with SA lifetimes being 86,400 seconds, that gives you 24 hours to crack sessions.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...