[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: Calculating Cookies for ISAKMP - Header in IKE
Hi Marco,
I think maybe my answer was a little confusing (or I was confused), anyway,
my previous answer below is maybe clearified by the comments after that:
> Hello,
>
> > but if you just send a random cookie how do you know if someone else
created
> > that cookie to make it look like it comes from the one you're trying to
> > correspond with ?
>
> > Using MD5 based on the IP-address in question and some secret value
makes
> > the outcome unique to both parties right ? So in that way you know that
it's
> > the same originator of the connection request ;
the outcome of the MD5 operation becomes unique based on the unique
IP-address of the initiator (and some parameters);
so in that sense the outcome is unique to both parties, because the MD5
result is with the initiator ( in the cookie reply from the responder) as
well as reconstructed at the responder;
so that is to prevent an attacker to intercept the cookie and modify the
IP-source address;
right ?
HG
References: