From owner-freebsd-security Wed Jul 25 4:13: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id D7CF037B40E for ; Wed, 25 Jul 2001 04:11:09 -0700 (PDT) (envelope-from sakane@kame.net) Received: from localhost ([3ffe:501:4819:1000:260:1dff:fe1e:f7d4]) by mine.kame.net (8.11.1/3.7W) with ESMTP id f6PBGYY50269; Wed, 25 Jul 2001 20:16:34 +0900 (JST) To: ewancarr@yahoo.com Cc: FreeBSD-Security@FreeBSD.ORG Subject: Re: IKE/Racoon In-Reply-To: Your message of "Wed, 25 Jul 2001 11:00:13 +0100 (BST)" <20010725100013.15001.qmail@web13308.mail.yahoo.com> References: <20010725100013.15001.qmail@web13308.mail.yahoo.com> X-Mailer: Cue version 0.6 (010413-1707/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20010725201105W.sakane@kame.net> Date: Wed, 25 Jul 2001 20:11:05 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 12 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ipsec wg's mailing list is suitable for asking this question. > What I dont understand is why for the pre-shared > key method of authentication you need to generate > this additional diffe hellman shared key. Does this > actually happen or is the 'formula' above just > confusing.. pre-shared key is just the one of material for authentication. IKE daemon mixes it with the shared secret of DH. the shared secret of DH is generated in each phase 1 exchange. so the mixing of them makes the decipherment attack difficult. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message