[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: question about Nonce

To: sleepy-cat@263.net
Subject: Re: question about Nonce
From: Derek Atkins <warlord@mit.edu>
Date: 19 Oct 2001 10:12:03 -0400
Cc: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
In-Reply-To: dxh's message of "Fri, 19 Oct 2001 9:29:57 +0800"
References: <200110190120.JAA05933@csnet1>
Sender: owner-ipsec@lists.tislabs.com

The nonce provides a quick, non-cryptographic check to prevent not
only replay but also DoS attacks.  The responder should not have to
perform any high-CPU operations (e.g. modexp) until the nonce (cookie)
reachability test has succeeded.

-derek

dxh <sleepy-cat@263.net> writes:

> 	I am not sure if the nonce in Phase One is the same as 
> the one in Phase two. And I still can not see why there is 
> need using nonce to prevent from replay attacking in Phase 
> One. I think the Kes of DH exch can do this.
> 
> 
> 
> Dong Xiaohu
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

question about Nonce

From: dxh <sleepy-cat@263.net>

Prev by Date: RE: DataStructure for Storing SPD,SA Entries
Next by Date: RE: DataStructure for Storing SPD,SA Entries
Prev by thread: question about Nonce
Next by thread: IKE encryption in aggressive mode
Index(es):
- Main
- Thread