A Diffie-Hellman (DH) exchange allows the participants to produce a shared secret value. The strength of the technique is that it allows the participants to create the secret value over an unsecured medium without passing the secret value over the wire. There are five Diffie-Hellman groups; JUNOS software supports groups 1, 2, and 5. The size of the prime modulus used in each group's calculation differs as follows:
Note: The strength of DH Group 1 security has depreciated, and we do not recommend its use.
The larger the modulus, the more secure the generated key is considered to be; however, the larger the modulus, the longer the key-generation process takes. Because the modulus for each DH group is a different size, the participants must agree to use the same group.
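The exchange and the same-group requirement described above, as an added example (not JUNOS code). The group 1 and group 2 primes and the generator 2 are taken from RFC 2409, which the page does not quote, and the `Peer` class and `exchange` function are hypothetical names.

```python
import secrets

# MODP primes for DH groups 1 and 2 as published in RFC 2409. These values are
# an assumption of this example; the page does not list them.
_HEAD = ("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
         "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
         "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
         "E485B576625E7EC6F44C42E9")
GROUPS = {
    1: int(_HEAD + "A63A3620FFFFFFFFFFFFFFFF", 16),
    2: int(_HEAD + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F2411"
                   "7C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16),
}
GENERATOR = 2  # both groups use generator 2


class Peer:
    """One side of the exchange (hypothetical helper for this example)."""

    def __init__(self, group):
        self.group = group
        self.p = GROUPS[group]
        # Private exponent in [2, p-2]; it never leaves this object.
        self._private = secrets.randbelow(self.p - 3) + 2
        # Public value: the only thing sent over the unsecured medium.
        self.public = pow(GENERATOR, self._private, self.p)

    def shared_secret(self, peer_group, peer_public):
        # Peers on different groups use different moduli and cannot agree.
        if peer_group != self.group:
            raise ValueError("DH group mismatch")
        # Reject degenerate public values (0, 1, p-1 and out-of-range).
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self._private, self.p)


def exchange(group_a, group_b):
    """Run both sides and return the secret each one computed."""
    a, b = Peer(group_a), Peer(group_b)
    return (a.shared_secret(b.group, b.public),
            b.shared_secret(a.group, a.public))


if __name__ == "__main__":
    for g in GROUPS:
        s_a, s_b = exchange(g, g)
        print(f"group {g}: {GROUPS[g].bit_length()}-bit modulus, match={s_a == s_b}")
```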
Note: If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals. The same guideline applies to multiple proposals for Phase 2 negotiations.