Q: Calculating Cookies for ISAKMP - Header in IKE
Hi,
just a small question about the cookie generation as mentioned under
3.3 in RFC 2522 "Photuris: Session-Key Management Protocol" (RFC 2408
"ISAKMP" points to it with [Karn]):
First the initiator cookie is calculated with a rather complicated
method (MD5 over some attributes like a secret value, the source and
destination IP address etc.). Then, when receiving the answer from the
responder, the initiator cookie in that message is compared to a
recalculated cookie, or alternatively the cached sent cookie. This is
to deny DoS attacks on the later Diffie-Hellman calculation.
Now my question: Why not just generate a random cookie? I can check
this cookie just as I do it with the more complex cookie and have the
same result, either I sent the cookie or I didn't?
What am I failing to understand?
Thank you in advance for your patience to read (and answer) my
question,
Marco
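
The two checks described in the message above, recalculating the cookie or comparing against a cached copy, shown as an added Python example that is not part of the original post. The input layout (secret, then addresses, then ports), the truncation to 8 octets, and all addresses and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

COOKIE_LEN = 8  # ISAKMP header cookies are 8 octets; truncating MD5 is an assumption


def make_cookie(secret, src_ip, dst_ip, src_port, dst_port):
    """MD5 over a local secret and the exchange's addresses and ports."""
    material = (
        secret
        + ipaddress.ip_address(src_ip).packed
        + ipaddress.ip_address(dst_ip).packed
        + struct.pack("!HH", src_port, dst_port)
    )
    return hashlib.md5(material).digest()[:COOKIE_LEN]


def check_by_recalculation(secret, echoed, src_ip, dst_ip, src_port, dst_port):
    """Verify an echoed cookie without having stored it."""
    expected = make_cookie(secret, src_ip, dst_ip, src_port, dst_port)
    return hmac.compare_digest(expected, echoed)


def check_by_cache(sent_cookies, echoed, peer):
    """Verify an echoed cookie against the copy cached for this peer."""
    cached = sent_cookies.get(peer)
    return cached is not None and hmac.compare_digest(cached, echoed)


def demo():
    secret = os.urandom(16)  # constructed local secret
    # Constructed addresses from the documentation ranges (RFC 5737).
    me, peer, other = "192.0.2.10", "198.51.100.20", "203.0.113.30"
    cookie = make_cookie(secret, me, peer, 500, 500)
    sent = {(peer, 500): cookie}  # per-peer state, needed only for the cached check
    return {
        "recalc_ok": check_by_recalculation(secret, cookie, me, peer, 500, 500),
        "cache_ok": check_by_cache(sent, cookie, (peer, 500)),
        "recalc_other_peer": check_by_recalculation(secret, cookie, me, other, 500, 500),
        "cache_other_peer": check_by_cache(sent, cookie, (other, 500)),
        "recalc_new_secret": check_by_recalculation(os.urandom(16), cookie, me, peer, 500, 500),
    }


if __name__ == "__main__":
    print(demo())
```

The recalculation check keeps only the secret, while the cached check keeps one entry per outstanding exchange; replacing the secret invalidates every cookie made under the old one.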