List: ipsec
Subject: Re: Re: question about Nonce
From: Derek Atkins <warlord () mit ! edu>
Date: 2001-10-21 12:49:45
Sorry, you are correct. The cookie is reachability. The nonces
are used to derive the session key. The nonces should be used
ONLY ONCE. This means that each phase-i and each phase-ii nonce
should be generated independently.
-derek
dxh <sleepy-cat@263.net> writes:
> You still did not tell if the nonce in phase one and the one in phase two
> are the same. And I think the cookie is not the nonce. It's the cookie's
> reachability, not the nonce's, that is tested.
> I am a newbie in the security area. Maybe I miss your point. Would you give
> more detail?
>
>
>
> You write:
> >The nonce provides a quick, non-cryptographic check to prevent not
> >only replay but also DoS attacks. The responder should not have to
> >perform any high-CPU operations (e.g. modexp) until the nonce (cookie)
> >reachability test has succeeded.
> >
> >-derek
> >
> >dxh <sleepy-cat@263.net> writes:
> >
> >> I am not sure if the nonce in Phase One is the same as
> >> the one in Phase two. And I still can not see why there is
> >> need using nonce to prevent from replay attacking in Phase
> >> One. I think the Kes of DH exch can do this.
> >>
> >>
> >>
> >> Dong Xiaohu
> >>
> >
> >--
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > warlord@MIT.EDU PGP key available
>
> Regards!
>
> dxh
> sleepy-cat@263.net
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
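
The split described in the reply above, as an added example that is not part of the original thread: a cheap cookie check gates the expensive operation, and each exchange draws its own nonce, which then feeds the key derivation. The function names, lengths, cookie layout and the simplified HMAC-based derivation are assumptions for illustration, not the IKE wire format.

```python
import hashlib
import hmac
import secrets

# Constructed sketch: names, lengths and cookie layout are assumptions,
# not the IKE wire format.
LOCAL_SECRET = secrets.token_bytes(32)  # known only to the responder
COOKIE_LEN = 8
NONCE_LEN = 16


def make_cookie(peer_ip, peer_port, initiator_cookie):
    """Cheap keyed hash bound to the peer address; needs no per-peer state."""
    msg = f"{peer_ip}|{peer_port}|".encode() + initiator_cookie
    return hmac.new(LOCAL_SECRET, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def fresh_nonce():
    """Every phase 1 and phase 2 exchange draws its own nonce."""
    return secrets.token_bytes(NONCE_LEN)


def derive_key(shared_secret, ni, nr):
    """Simplified derivation: a PRF keyed by both nonces over the DH secret."""
    return hmac.new(ni + nr, shared_secret, hashlib.sha256).digest()


class Responder:
    def __init__(self):
        self.expensive_ops = 0  # counts stand-ins for the DH modexp

    def handle_key_exchange(self, peer_ip, peer_port, i_cookie, echoed_cookie):
        expected = make_cookie(peer_ip, peer_port, i_cookie)
        if not hmac.compare_digest(expected, echoed_cookie):
            return None  # cookie was never received at this address: drop
        self.expensive_ops += 1  # only now pay for the costly operation
        return fresh_nonce()  # responder nonce for this exchange only


if __name__ == "__main__":
    r = Responder()
    ic = fresh_nonce()[:COOKIE_LEN]
    good = make_cookie("192.0.2.10", 500, ic)
    print(r.handle_key_exchange("198.51.100.7", 500, ic, good))  # wrong source
    print(r.handle_key_exchange("192.0.2.10", 500, ic, good).hex())
    print(r.expensive_ops)
```

With the same shared secret, two exchanges still produce different keys because the nonces differ; reusing a nonce pair would reproduce the earlier key.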