Nonce lengths in ISAKMP messages
Hi. I had a few questions on nonces:
What should the length of the nonces in the ISAKMP messages be?
According to draft-ietf-ipsec-oakley-02, section 2.3.1:
Where nonces are indicated, they will be variable precision integers
with an entropy value that matches the "strength" attribute of the
GRP used with the exchange. If no GRP is indicated, the nonces must
be at least 90 bits long.
And, sections E.1 and E.2 of the same draft state that the strength of
the 768 bit and 1024 bit MODP groups is 26.
So, for these two groups should the nonces be at least 26 bits long but
could be any reasonable length > 26? Does it matter if the initiator and
responder nonces are of different lengths (so long as they are at least
'strength' bits long)? Is there a set method to determine this length?
Thanks,
Sumit A. Vakil
Software Engineer
3Com Corporation