Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?
A. group 10
B. group 24
C. group 5
D. group 20
4 Comments on “Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?”
Ace says:
Why not 24? Key size limited to 128?
“If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 5, 14, 19, 20 or 24. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21 or 24.” – https://supportforums.cisco.com/document/12276506/diffie-hellman-groups
zeroC00L says:
Maybe (caution, this is a guess) because it is not with an Elliptic Curve like DH Group 19 or 20.
Several other internet sources explain Group 24 as “2048-bit MODP Group with 256-bit prime order subgroup”. MODP stands for “More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)” and is defined in RFC 3526 (https://tools.ietf.org/html/rfc3526).
Group 24 is defined in RFC 5114 (https://tools.ietf.org/html/rfc5114), where you can find the ECP groups as well.
Both RFCs are rather old, so saying they are not “next generation” might be valid.
So in short, Group 24 is based on an exponential function, not on an elliptic curve function (if I understand it correctly), and per Cisco this might be the reason to not qualify it as Cisco's interpretation of Next Generation Encryption.
A strong indication for this is the fact that Group 24 is not showing up in the NGE document from Cisco (http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html); they just talk about Group 19 and 20, since these are the DH groups with the elliptic curves.
In my opinion this is related to the fact that Group 24 is not based on Elliptic Curves, and in Cisco's world Next Generation Encryption means Elliptic Curve.
In most Internet resources Group 24 is explained as “2048-bit MODP Group with 256-bit prime order subgroup” (RFC 5114 for example)
and MODP stands for Modular Exponential (RFC 3526 for example).
In Cisco's NGE paper (http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html) they also say “When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively”.