Cookie exchange
Encyclopedia
The cookie exchange in IPsec
comes under the Oakley protocol
, which is a protocol of key management. The cookie exchange requires that each side send a pseudorandom number, the cookie, in the initial message, which the other side acknowledges. This acknowledgement must be repeated in the first message of the Diffie-Hellman key exchange
. If the source address was forged, the opponent gets no answer. Thus, an opponent can only force a user to generate acknowledgements and not to perform the Diffie-Hellman calculation. Note that "cookies" in the sense of IPsec are unrelated to HTTP cookie
s used by web browsers.
The recommended method for creating the cookie is to perform a fast hash
(eg. MD5
) over the IP
source and destination addresses, the UDP source and destination ports, and a locally generated secret value.
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
comes under the Oakley protocol
Oakley protocol
The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection using the Diffie-Hellman key exchange algorithm. The protocol was proposed by H...
, which is a protocol of key management. The cookie exchange requires that each side send a pseudorandom number, the cookie, in the initial message, which the other side acknowledges. This acknowledgement must be repeated in the first message of the Diffie-Hellman key exchange
Diffie-Hellman key exchange
Diffie–Hellman key exchange Synonyms of Diffie–Hellman key exchange include:*Diffie–Hellman key agreement*Diffie–Hellman key establishment*Diffie–Hellman key negotiation...
. If the source address was forged, the opponent gets no answer. Thus, an opponent can only force a user to generate acknowledgements and not to perform the Diffie-Hellman calculation. Note that "cookies" in the sense of IPsec are unrelated to HTTP cookie
HTTP cookie
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site...
s used by web browsers.
The recommended method for creating the cookie is to perform a fast hash
Hash
Hash may refer to:* Hash symbol, the glyph #* Hash mark , one of various symbols* Hash , a coarse mixture of ingredients* Hash chain, a method of producing many one-time keys from a single key or password...
(eg. MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
) over the IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
source and destination addresses, the UDP source and destination ports, and a locally generated secret value.