
Cookie Generation Logic



Hi all,

Someone please help me out with the cookie implementation.

I create a cookie using the following logic:
FAST_HASH(
               IP Source Address,
               IP Destination Address,
               Source Port,
               Destination Port,
               My Local Secret
          );

I thought my implementation was good enough for a cookie until someone
told me to look into FreeSWAN's Pluto code, which says:

if ( it is an initiator cookie )
	get_64_random_bits();
if ( it is a responder cookie )
	FAST_HASH( ip_addr, local_secret );

I don't get it: why is the initiator cookie only 64 random bits and the
responder cookie the actual 64-bit logic? To my understanding, the initiator
cookie is created by the initiator and the responder cookie by the
responder. What is the responder cookie creation doing at the initiator
end and vice versa?

Thanks in advance
- Venkat



--------------------------------------------------------------
Dexcel Electronics Designs (P) Ltd., Bangalore, India
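
The two cookie styles described in the post, as an added example that is not part of the original message and is not FreeS/WAN's code. It shows that a hashed cookie can be recomputed from the packet fields and the local secret, while a random cookie has to be stored to be recognised later. HMAC-SHA256 truncated to 64 bits stands in for FAST_HASH, and the function names, addresses and secrets are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

COOKIE_LEN = 8  # 64-bit cookie, as in the post


def random_cookie() -> bytes:
    """First style in the post: 64 random bits, nothing to recompute later."""
    return os.urandom(COOKIE_LEN)


def _keyed_hash(secret: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 64 bits plays the role of FAST_HASH.
    return hmac.new(secret, data, hashlib.sha256).digest()[:COOKIE_LEN]


def _pack_addr(addr: str) -> bytes:
    # Length-prefixed binary address, so IPv4 and IPv6 inputs encode unambiguously.
    packed = ipaddress.ip_address(addr).packed
    return bytes([len(packed)]) + packed


def four_tuple_cookie(secret, src_ip, dst_ip, src_port, dst_port) -> bytes:
    """The poster's scheme: addresses, ports and the local secret."""
    data = (_pack_addr(src_ip) + _pack_addr(dst_ip)
            + struct.pack("!HH", src_port, dst_port))
    return _keyed_hash(secret, data)


def addr_cookie(secret, peer_ip) -> bytes:
    """The second scheme quoted in the post: ip_addr and the local secret."""
    return _keyed_hash(secret, _pack_addr(peer_ip))


def cookie_matches(presented: bytes, expected: bytes) -> bool:
    # Constant-time comparison of a presented cookie with the recomputed one.
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    secret = os.urandom(32)                          # constructed local secret
    peer = ("192.0.2.10", "198.51.100.1", 500, 500)  # constructed sample 4-tuple
    issued = four_tuple_cookie(secret, *peer)
    print("recomputed from same packet fields:",
          cookie_matches(issued, four_tuple_cookie(secret, *peer)))
    print("after rotating the secret:",
          cookie_matches(issued, four_tuple_cookie(os.urandom(32), *peer)))
    print("two random cookies equal:", random_cookie() == random_cookie())
```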