
Re: Re: question about Nonce



	You still did not say whether the nonce in phase one and the one in phase two are
the same. And I think the cookie is not the nonce. It's the cookie's reachability, not
the nonce's, that is tested.
	I am a newbie in the security area. Maybe I missed your point. Would you give more
detail?



you write:
>The nonce provides a quick, non-cryptographic check to prevent not
>only replay but also DoS attacks.  The responder should not have to
>perform any high-CPU operations (e.g. modexp) until the nonce (cookie)
>reachability test has succeeded.
>
>-derek
>
>dxh <sleepy-cat@263.net> writes:
>
>> 	I am not sure if the nonce in Phase One is the same as 
>> the one in Phase Two. And I still cannot see why there is a 
>> need to use a nonce to prevent replay attacks in Phase 
>> One. I think the KEs of the DH exchange can do this.
>> 
>> 
>> 
>> Dong Xiaohu
>> 
>
>-- 
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord@MIT.EDU                        PGP key available

            Regards!

            dxh
            sleepy-cat@263.net
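
The cookie reachability test discussed in this thread, sketched as an added example that is not part of the original messages or of any IKE implementation: the responder derives a stateless 8-byte cookie from the claimed source address and only runs the modular exponentiation once that cookie is echoed back. The HMAC-SHA256 construction, the 60-second buckets, the toy modulus and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)   # responder-local secret (assumption: rotated periodically)
BUCKET = 60               # assumption: cookie validity granularity, in seconds
P = 2**127 - 1            # toy modulus standing in for a real DH group
PRIV = int.from_bytes(os.urandom(15), "big") | 1   # toy responder DH private value
STATS = {"modexp": 0}     # counts how often the expensive path actually runs


def make_cookie(src_ip, src_port, init_cookie, now=None):
    """Stateless 8-byte responder cookie bound to the claimed source address."""
    bucket = int((time.time() if now is None else now) // BUCKET)
    msg = f"{src_ip}|{src_port}|{bucket}|".encode() + init_cookie
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]


def cookie_ok(src_ip, src_port, init_cookie, returned, now=None):
    """Cheap check: one or two HMACs, no per-peer state, constant-time compare."""
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(make_cookie(src_ip, src_port, init_cookie, t), returned)
        for t in (now, now - BUCKET)      # current and previous time bucket
    )


def handle_key_exchange(src_ip, src_port, init_cookie, resp_cookie, peer_pub, now=None):
    """Run the modexp only for peers that echoed a cookie sent to their address."""
    if not cookie_ok(src_ip, src_port, init_cookie, resp_cookie, now):
        return None                       # dropped before any expensive work
    STATS["modexp"] += 1
    return pow(peer_pub, PRIV, P)


if __name__ == "__main__":
    ci = os.urandom(8)                                # constructed initiator cookie
    cr = make_cookie("192.0.2.10", 500, ci)           # sent to the claimed address
    print(handle_key_exchange("192.0.2.10", 500, ci, cr, 5))    # shared value
    print(handle_key_exchange("198.51.100.7", 500, ci, cr, 5))  # cookie mismatch
    print(STATS)
```

A sender that spoofs its source address never receives the responder's cookie, so its key-exchange message fails the check and costs the responder only an HMAC.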


