Security - Diffie-Hellman groups
Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel It is considered to be one of the first public-key protocols.
The DH group number used defines strength of the key used in the key exchange process. In general, the higher the DH group number, the more secure the exchange. However, there is a tradeoff. The higher the DH number, the more computational processing resources are required to compute the key.
The following is a table that describes the cryptographic methodologies used for each group number:
|Group 1||768-bit group|
|Group 2||1024-bit group|
|Group 5||1536-bit group|
|Group 14||2048-bit group|
|Group 15||3072-bit group|
|Group 19||256-bit elliptic curve group|
|Group 20||384-bit elliptic curve group|
|Group 21||521-bit elliptic curve group|
|Group 24||2048-bit, 256 bit subgroup|
Not all Cisco devices support all group numbers, and not all devices are powerful enough to successfully deploy some of the most resource demanding groups. For example, the following context sensitive help from a IOSv router shows the available group numbers that can be used:
CE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. CE1(config)#crypto isakmp policy 1 CE1(config-isakmp)#group ? 1 Diffie-Hellman group 1 (768 bit) 14 Diffie-Hellman group 14 (2048 bit) 15 Diffie-Hellman group 15 (3072 bit) 16 Diffie-Hellman group 16 (4096 bit) 19 Diffie-Hellman group 19 (256 bit ecp) 2 Diffie-Hellman group 2 (1024 bit) 20 Diffie-Hellman group 20 (384 bit ecp) 21 Diffie-Hellman group 21 (521 bit ecp) 24 Diffie-Hellman group 24 (2048 bit, 256 bit subgroup) 5 Diffie-Hellman group 5 (1536 bit) CE1(config-isakmp)#group
Different approaches demand different best practices. In general, for the Cisco ASA, the following is Cisco's recommendation, taken directly from Cisco's related documentation (link below):
Use the following guidelines when configuring Internet Key Exchange (IKE) in VPN technologies:
- Avoid IKE Groups 1, 2, and 5.
- Use IKE Group 15 or 16 and employ 3072-bit and 4096-bit DH, respectively.
- When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively.
- Use AES for encryption.
Caution: Administrators are advised to use caution regarding processing load when they choose IKE groups. Load depends on platform limitations. Some platforms may not support Group 15 or 16 in hardware, and handling them in the CPU could add significant load to the processor in lower-end products or multiple simultaneous IKE negotiation scenarios.
On the Cisco ASA, for large moduli, it is recommended to enable hardware processing.