Cookie exchange

The cookie exchange in IPsec comes under the Oakley protocol, which is a protocol of key management. The cookie exchange requires that each side send a pseudorandom number, the cookie, in the initial message, which the other side acknowledges. This acknowledgement must be repeated in the first message of the Diffie–Hellman key exchange. If the source address was forged, the opponent gets no answer. Thus, an opponent can only force a user to generate acknowledgements and not to perform the Diffie–Hellman calculation. Note that "cookies" in the sense of IPsec are unrelated to HTTP cookies used by web browsers.^[1]

The recommended method for creating the cookie is to perform a fast hash (e.g. MD5) over the IP source and destination addresses, the UDP source and destination ports, and a locally generated secret value.^[1]

References

↑ ^1.0 ^1.1 Stallings, William (2017). Network Security Essentials - Applications and Standards. England: Pearson. pp. 327. ISBN 978-0-134-52733-8.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Cookie exchange. Read more

[:0-1] 1.0 ^1.1 Stallings, William (2017). Network Security Essentials - Applications and Standards. England: Pearson. pp. 327. ISBN 978-0-134-52733-8.

[1]

Anonymous

Search

Cookie exchange

Namespaces

More

Page actions

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Cookie exchange

References

Navigation

Wiki tools

Page tools

Other projects

Categories