From: Shoichi Sakane (firstname.lastname@example.org)
- Next message: Rob Simmons: "Re: Security Check Diffs Question"
- Previous message: Sheldon Hearn: "Re: TCP Wrappers and Inetd"
- In reply to: Ewan Carr: "IKE/Racoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: email@example.com Date: Wed, 25 Jul 2001 20:11:05 +0900 From: Shoichi Sakane <firstname.lastname@example.org>
ipsec wg's mailing list is suitable for asking this question.
> What I dont understand is why for the pre-shared
> key method of authentication you need to generate
> this additional diffe hellman shared key. Does this
> actually happen or is the 'formula' above just
pre-shared key is just the one of material for authentication.
IKE daemon mixes it with the shared secret of DH. the shared secret
of DH is generated in each phase 1 exchange. so the mixing of them
makes the decipherment attack difficult.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message