HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
IPsec Protocol Suite
Chapter 1
mathematical properties of the numbers, each party will generate the
same value, which can then be used as a shared key or used as a base
value to generate multiple shared keys.
Figure 1-13 Diffie-Hellman Key Generation
IKE Primary Authentication
Diffie-Hellman is vulnerable to
third-party attacks, in which a third party intercepts messages
between two attacked parties, A and B. A and B assume they are
exchanging messages with each other, but each is actually exchanging
messages with the third party. The attacker assumes the identity of A
to exchange messages with B, and assumes the identity of B to exchange
messages with A.
Because of this vulnerability, IKE must authenticate the identities of the
parties using the Diffie-Hellman algorithm. This process is known as
IKE primary authentication.
HP-UX IPSec supports two IKE primary authentication methods:
• Preshared keys
• Digital Signatures
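
The following added example (not taken from the HP-UX guide or from HP-UX IPSec) shows why the Diffie-Hellman values must be authenticated: without a check, A ends up sharing a key with the third party rather than with B, and a check keyed with a preshared key rejects the substituted values. It assumes a toy 127-bit group and uses an HMAC over each public value as a simplified stand-in for preshared-key authentication; it is not the IKE message format, and the names keypair, tag, verify and run_exchange are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for readability: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G**priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Derive the shared key from our private exponent and the peer's public value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(psk, sender, pub):
    """Bind a public value to its sender with the preshared key (simplified, not IKE's payload)."""
    return hmac.new(psk, sender + pub.to_bytes(16, "big"), hashlib.sha256).digest()

def verify(psk, sender, pub, mac):
    return hmac.compare_digest(tag(psk, sender, pub), mac)

def run_exchange(intercepted):
    psk = b"constructed-preshared-key"      # constructed sample value, known to A and B only
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    to_b = (a_pub, tag(psk, b"A", a_pub))   # message A sends
    to_a = (b_pub, tag(psk, b"B", b_pub))   # message B sends
    m_key_with_a = None
    if intercepted:
        # The third party replaces both public values with its own. Without
        # the preshared key it cannot compute a matching tag for them.
        m_priv, m_pub = keypair()
        m_key_with_a = shared_key(m_priv, a_pub)
        to_b = (m_pub, to_b[1])
        to_a = (m_pub, to_a[1])
    a_key = shared_key(a_priv, to_a[0])
    b_key = shared_key(b_priv, to_b[0])
    return {
        "a_b_share_key": a_key == b_key,                  # result if nothing is checked
        "third_party_has_a_key": a_key == m_key_with_a,
        "a_accepts": verify(psk, b"B", *to_a),            # result of the authentication check
        "b_accepts": verify(psk, b"A", *to_b),
    }

if __name__ == "__main__":
    print("direct:     ", run_exchange(False))
    print("intercepted:", run_exchange(True))
```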