PrepAway - Latest Free Exam Questions & Answers

4 Comments on “Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?”

  1. zeroC00L says:

    Maybe (caution, this is a guess) because it is not with an Elliptic Curve like DH Group 19 or 20.

    Several other internet sources explain Group 24 as “2048-bit MODP Group with 256-bit prime order subgroup”. MODP stands for “More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)” and is defined in RFC 3526 (https://tools.ietf.org/html/rfc3526).

    Group 24 is defined in RFC 5114 (https://tools.ietf.org/html/rfc5114), where you can find the ECP Groups as well.

    Both RFCs are rather old, so saying they are not “next generation” might be valid.

    So in short, Group 24 is based on an Exponential Function, not on an Elliptic Curve function (if I understand it correctly), and per Cisco this might be the reason to not qualify it as Cisco's interpretation of Next Generation Encryption.

    A strong indication for this is the fact that Group 24 is not showing up in the NGE document from Cisco (http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html); they just talk about Group 19 and 20, since these are the DH Groups with the Elliptic Curves.




  2. zeroC00l says:

    In my opinion this is related to the fact that Group 24 is not based on Elliptic Curves, and in Cisco's world Next Generation Encryption means Elliptic Curve.

    In most Internet resources Group 24 is explained as “2048-bit MODP Group with 256-bit prime order subgroup” (RFC 5114 for example)

    and MODP stands for Modular Exponential (RFC 3526 for example).

    In Cisco's NGE paper (http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html) they also say “When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively”.



