Re: Re[2]: Calculating Cookies for ISAKMP - Header in IKE

["Hong Gie Ong" <stuonghg@cwc.nus.edu.sg>]

Hi Marco,


I think maybe my answer was a little confusing (or I was confused), anyway,
my previous answer below is maybe clearified by the comments after that:

> Hello,
>
> > but if you just send a random cookie how do you know if someone else
created
> > that cookie to make it look like it comes from the one you're trying to
> > correspond with ?
>
> > Using MD5 based on the IP-address in question and some secret value
makes
> > the outcome unique to both parties right ? So in that way you know that
it's
> > the same originator of the connection request ;

the outcome of the MD5 operation becomes unique based on the unique
IP-address of the initiator (and some parameters);

so in that sense the outcome is unique to both parties, because the MD5
result is with the initiator ( in the cookie reply from the responder) as
well as reconstructed at the responder;

so that is to prevent an attacker to intercept the cookie and modify the
IP-source address;

right ?


HG

---

References:

• Q: Calculating Cookies for ISAKMP - Header in IKE
• From: Marco Ender <marco.ender@dungeonmaster.at>
• Re: Calculating Cookies for ISAKMP - Header in IKE
• From: "Hong Gie Ong" <stuonghg@cwc.nus.edu.sg>
• Re[2]: Calculating Cookies for ISAKMP - Header in IKE
• From: Marco Ender <marco.ender@dungeonmaster.at>

---

• Prev by Date: Frequency of Phase 1 / Phase 2 Exchanges
• Next by Date: simulation of IPSEC
• Prev by thread: Re[2]: Calculating Cookies for ISAKMP - Header in IKE
• Next by thread: who is implementing rekey and how
• Index(es):
  • Main
  • Thread