Date: Wed, 25 Jul 2001 20:11:05 +0900 From: Shoichi Sakane <sakane@kame.net> To: ewancarr@yahoo.com Cc: FreeBSD-Security@FreeBSD.ORG Subject: Re: IKE/Racoon Message-ID: <20010725201105W.sakane@kame.net> In-Reply-To: Your message of "Wed, 25 Jul 2001 11:00:13 %2B0100 (BST)" <20010725100013.15001.qmail@web13308.mail.yahoo.com> References: <20010725100013.15001.qmail@web13308.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ipsec wg's mailing list is suitable for asking this question. > What I dont understand is why for the pre-shared > key method of authentication you need to generate > this additional diffe hellman shared key. Does this > actually happen or is the 'formula' above just > confusing.. pre-shared key is just the one of material for authentication. IKE daemon mixes it with the shared secret of DH. the shared secret of DH is generated in each phase 1 exchange. so the mixing of them makes the decipherment attack difficult. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010725201105W.sakane>