Summary: Differences between PPTP and L2TP. PPTP uses TCP port 1723 for its control connection and GRE (IP protocol 47) for the PPP data. PPTP supports data encryption by using MPPE. L2TP uses UDP to transport the PPP data; this is often encapsulated in IPSec for encryption instead of using MPPE. L2TP supports MP (Multilink Protocol),
        Read more
        Post category - VPN
Summary: First, understand what a cyclic group is. In group theory, a cyclic group is a group that can be generated by a single element, in the sense that the group has an element g (called a "generator" of the group) such that, wh...
        Read more
        
Summary: http://www.limited-entropy.com/discrete-log
        Read more
        
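Summary: Basic number theory. This article briefly introduces the most basic number-theoretic concepts concerning the set of integers Z = {…, -2, -1, 0, 1, 2, …} and the set of natural numbers N = {0, 1, 2, …}. Divisibility and divisors: the notion of one integer being divisible by another is a central concept in number theory. The notation d|a (read "d divides a") means that a = kd for some integer k. 0 is divisible by every integer. If a > 0 and d|a, then |d| ≤ |...
        Read more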
        
Summary: see also: openwan.org. Jump to a letter in the glossary: numeric A B C D E F G H I J K L M N O P Q R S T U V W X Y Z. Other glossaries. Other glossaries which overlap this one include: The VPN Consortium's glos...
        Read more
        
Summary: Reposted from: http://blog.solrex.org/articles/number-theory-and-public-key-cryptography.html Math in CS: Number Theory and Public-Key Cryptography. June 13, 2008, Solrex Yang. In 1940, the British mathematician Hardy said in his short book A Mathematician's Apology: ...
        Read more
        
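Summary: see also: http://www.worldlingo.com/ma/enwiki/en/Diffie-Hellman_key_exchange/ How the Diffie-Hellman key exchange protocol works. Principle of key agreement. Group Key Agreement: this approach is based on a distributed design, and its characteristics are: 1) multiple members of the group take part in key generation together; 2) the key in the group is, from the parameters provided by each member together with the key generation algorithm, jointly...
        Read more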
        
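Summary: Description of the Diffie-Hellman algorithm: it is currently used by many commercial products for transactions. The DH algorithm is a public-key algorithm invented in 1976. It cannot be used for encryption or decryption; it is used for key transport and distribution. The security of the DH algorithm rests on the fact that computing discrete logarithms over a finite field is very hard. Discrete logarithm: define a primitive root of a prime p as a number that can generate all the numbers from 1 to p-1. Now let a be a primitive root of p; then a mod p, a^2 mod ...
        Read more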
        
Summary: see also: http://www.example-code.com/vcpp/dh_key_exchange.asp #include <CkDh.h> #include <CkCrypt2.h> void ChilkatSample(void) { // Create two separate instances of the DH object. CkDh dhBob...
        Read more
        
Summary: VPNs can use both symmetric and asymmetric forms of cryptography. Symmetric cryptography uses the same key for both encryption and decryption, while asymmetric cryptography uses separate keys for encr...
        Read more
        
Summary: Encapsulating Security Payload (ESP). ESP is the second core IPsec security protocol. In the initial version of IPsec, ESP provided only encryption for packet payload data. Integrity protection was prov...
        Read more
        
Summary: Integrity Protection Process. The first step of integrity protection is to create a hash by using a keyed hash algorithm, also known as a message authentication code (MAC) algorithm. A standard hash alg...
        Read more
        
Summary: NIST's requirements and recommendations for the configuration of IPsec VPNs are: If any of the information that will traverse a VPN should not be seen by non-VPN users, then the VPN must provid...
        Read more
        
Summary: see also: http://www.ciscopress.com/articles/article.asp?p=25477 AH is incompatible with Network Address Translation (NAT) because NAT changes the source IP address, which breaks the AH header and caus...
        Read more
        
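Summary: IPSec NAT-T. 1. IPSec NAT-T technology. When an IPsec tunnel is being established, a NAT device on the tunnel path does not affect the phase 1 IKE SA negotiation or the phase 2 IPSec SA negotiation, because IKE packets are normally encapsulated in UDP packets. However, once the phase 2 negotiation is complete, NAT applied to the IPsec packets causes the tunnel to fail (that is, the IPsec tunnel can be established, but the actual user data cannot be transmitted). There may be several reasons, but the most critical one is:...
        Read more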
        
Summary: PFS - VPN Tutorial. PFS (Perfect Forward Secrecy). PFS will ensure the same key will not be generated again. This would ensure if a hacker was to compromise a key, they would only be able to access data i...
        Read more
        
Summary: Main Mode and Aggressive Mode. IKE phase 1 negotiations are used to establish IKE SAs. These SAs protect the IKE phase 2 negotiations. IKE uses one of two modes for phase 1 negotiations: main mode or ag...
        Read more
        
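Summary: see also: http://www.bitscn.com/network/cisco/200604/13698.html I. The IPSec driver. The IPSec driver is responsible for monitoring, filtering, and protecting IP traffic. It monitors all inbound and outbound IP packets and matches each IP packet against the IP filters that are part of the IP policy. Once a match succeeds, the IPSec driver notifies IKE to begin security negotiation. The figure below is a diagram of the IPSec driver service. ...
        Read more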
        
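Summary: Using IPSec on a PIX firewall makes it possible to establish a secure VPN tunnel between two endpoints so that data can be exchanged securely over IP. IPsec can be configured using IKE with RSA key exchange, IKE with CA certificates, IKE with a preshared key, or preshared keys sans IKE (called manual IPSec). When using manual key exchange, you simply create a shared secret that is the same on both endpoints. This technique is not only...
        Read more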
Zhejiang Public Network Security Registration No. 33010602011771