IPsec (Internet Protocol Security)

Hi Francesco,

DH is used to generate a shared private key over an insecure network (like the Internet). Here’s an example of the different DH groups:

Diffie-Hellman group 1 - 768-bit modulus
Diffie-Hellman group 2 - 1024-bit modulus
Diffie-Hellman group 5 - 1536-bit modulus
Diffie-Hellman group 14 - 2048-bit modulus
Diffie-Hellman group 19 - 256-bit elliptic curve
Diffie-Hellman group 20 - 384-bit elliptic curve
Diffie-Hellman group 21 - 521-bit elliptic curve

The higher the DH group number, the more secure the exchange will be.

Here’s an interesting link from Cisco where they advise which protocols you should or shouldn’t use:

http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

Rene

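The exchange described in the reply above, carried through for group 14 as an added example (not part of the original post): two peers swap public values in the clear, validate what they receive, and arrive at the same secret. The prime is built from the formula RFC 3526 gives for the 2048-bit MODP group; all function names are illustrative.

```python
import secrets

BITS = 2048   # group 14 modulus size, as in the list above
G = 2         # generator RFC 3526 specifies for this group

def _arctan_inv(x, one):
    """Fixed-point arctan(1/x), scaled by `one`, from the alternating Taylor series."""
    term = one // x
    total, n, sign = term, 1, 1
    while term:
        term //= x * x
        n += 2
        sign = -sign
        total += sign * (term // n)
    return total

def modp_prime(bits, offset):
    """RFC 3526: 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)."""
    guard = 64                                    # spare precision so the floor is exact
    one = 1 << (bits - 130 + guard)
    pi_fixed = 4 * (4 * _arctan_inv(5, one) - _arctan_inv(239, one))  # Machin's formula
    middle = ((pi_fixed >> guard) + offset) << 64
    return (1 << bits) - (1 << (bits - 64)) - 1 + middle

P = modp_prime(BITS, 124476)   # 124476 is the offset RFC 3526 lists for this group
Q = (P - 1) // 2               # P is a safe prime, so G generates the subgroup of order Q

def keypair():
    x = secrets.randbelow(Q - 2) + 2   # private exponent in [2, Q-1], never transmitted
    return x, pow(G, x, P)             # the public value is what crosses the network

def shared_secret(own_private, peer_public):
    # Validate the peer's value before use: in range and inside the order-Q subgroup.
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)

def demo():
    a_priv, a_pub = keypair()   # initiator
    b_priv, b_pub = keypair()   # responder
    # Each side combines its own private exponent with the other's public value.
    return shared_secret(a_priv, b_pub) == shared_secret(b_priv, a_pub)

if __name__ == "__main__":
    print("modulus bits:", P.bit_length(), "secrets match:", demo())
```

In IKE the resulting value is not used as a key directly; it is fed, together with the exchanged nonces, into the key-derivation step.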