Google IKEv2 DH 密码 modp_2048s256 是否与 Cisco DH 组 24 相同?

Is the Google IKEv2 DH cipher modp_2048s256 the same as Cisco DH group 24?

这个问题很具体,只涉及 Google Cloud VPN。

Google参考https://cloud.google.com/vpn/docs/concepts/supported-ike-ciphers

思科定义(第 24 组)https://supportforums.cisco.com/t5/security-documents/diffie-hellman-groups/ta-p/3147010

是的,它们是一样的。 DH组号可以在IKEv2 registry at IANAmodp_1024s160modp_2048s224modp_2048s256分别代表第22、23、24组

请注意,RFC 8247 不鼓励使用这些组:

Groups 22, 23, and 24 are MODP groups with Prime Order Subgroups that are not safe primes. The seeds for these groups have not been publicly released, resulting in reduced trust in these groups. These groups were proposed as alternatives for groups 2 and 14 but never saw wide deployment. It has been shown that group 22 with 1024-bit MODP is too weak and academia have the resources to generate malicious values at this size. This has resulted in group 22 to be demoted to MUST NOT. Groups 23 and 24 have been demoted to SHOULD NOT and are expected to be further downgraded in the near future to MUST NOT.

如果他们的文档提供这样的组号会很有帮助:

  • 1024 位带 160 位素数阶子群 = 群 22
  • 2048 位带 224 位素数阶子群 = 群 23
  • 2048 位带 256 位素数阶子群 = 群 24

很容易将第 24 组与第 19 组混淆,后者属于更广泛支持的 ECP 系列:

  • 256 位椭圆曲线 = 第 19 组
  • 384 位椭圆曲线 = 第 20 组
  • 521 位椭圆曲线 = 第 21 组