Security - Diffie-Hellman groups

Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel It is considered to be one of the first public-key protocols.

In terms of a VPN and IPSec it is used in the IKE or Phase 1 portion of setting up a VPN tunnel. Within the configuration of Phase 1 the Diffie-Hellman (DH) group must be defined.

The DH group number used defines strength of the key used in the key exchange process. In general, the higher the DH group number, the more secure the exchange. However, there is a tradeoff. The higher the DH number, the more computational processing resources are required to compute the key.

The following is a table that describes the cryptographic methodologies used for each group number:

Diffie-Hellman GroupDescription
Group 1768-bit group
Group 21024-bit group
Group 51536-bit group
Group 142048-bit group
Group 153072-bit group
Group 19256-bit elliptic curve group
Group 20384-bit elliptic curve group
Group 21521-bit elliptic curve group
Group 242048-bit, 256 bit subgroup

Not all Cisco devices support all group numbers, and not all devices are powerful enough to successfully deploy some of the most resource demanding groups. For example, the following context sensitive help from a IOSv router shows the available group numbers that can be used:

CE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. CE1(config)#crypto isakmp policy 1 CE1(config-isakmp)#group ? 1 Diffie-Hellman group 1 (768 bit) 14 Diffie-Hellman group 14 (2048 bit) 15 Diffie-Hellman group 15 (3072 bit) 16 Diffie-Hellman group 16 (4096 bit) 19 Diffie-Hellman group 19 (256 bit ecp) 2 Diffie-Hellman group 2 (1024 bit) 20 Diffie-Hellman group 20 (384 bit ecp) 21 Diffie-Hellman group 21 (521 bit ecp) 24 Diffie-Hellman group 24 (2048 bit, 256 bit subgroup) 5 Diffie-Hellman group 5 (1536 bit) CE1(config-isakmp)#group

Different approaches demand different best practices. In general, for the Cisco ASA, the following is Cisco's recommendation, taken directly from Cisco's related documentation (link below):

Use the following guidelines when configuring Internet Key Exchange (IKE) in VPN technologies:

  • Avoid IKE Groups 1, 2, and 5.
  • Use IKE Group 15 or 16 and employ 3072-bit and 4096-bit DH, respectively.
  • When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively.
  • Use AES for encryption.

Caution: Administrators are advised to use caution regarding processing load when they choose IKE groups. Load depends on platform limitations. Some platforms may not support Group 15 or 16 in hardware, and handling them in the CPU could add significant load to the processor in lower-end products or multiple simultaneous IKE negotiation scenarios.

On the Cisco ASA, for large moduli, it is recommended to enable hardware processing.