By Manny Fernandez

January 7, 2020

What Diffie-Hellman (DH) Group Should I Use

There has been a lot around Diffie-Hellman groups and which ones to use.  Some think that the bigger the DH group number is, the bigger the key length.

What is Diffie-Hellman

The Diffie-Hellman algorithm was created to address the issue of secure encrypted keys from being attacked over the internet when in transmission, though using the Diffie-Hellman algorithm in distributing symmetric keys securely over the internet.

I have used the “Bob and Alice” examples from text books of when I got started (Don’t Judge).  The process works by two peers (Bob and Alice) generating a private and a public key pair each.  Alice would send her public key to Bob and Bob would send his public key to Alice. Alice would then use the public key sent from Bob and her own private key to generate a symmetric key using the Diffie-Hellman algorithm. Bob would also take the same process as Alice and in turn produce the exact same symmetric key as Alice, though enabling them to communicate securely over the in-secure internet. Both peers can now encrypt, transmit and decrypt data using their symmetric keys.

DH Process.jpg

As compute power and more people involved in white-hat, black-hat and grey-hat hacking, some concerns have come to light.  Things like Man-in-the-Middle attacks where an attacker could intercept and send another key and use that information to get in-between the communication.

Diffie-Hellman public key cryptography is used by all major VPN gateway’s today, but not all VPN gateways are the same.  Some platforms such as Cisco will only support the stronger DH groups only when using IKEv2, which works out well since you should try to use IKEv2 instead of IKEv1.

DES and 3DES does not need as strong a DH group, however DES and 3DES should never be used unless you are under some encryption restriction based on country restriction.  AES should use a stronger DH Group.  If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 19, 20. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21. RFC 5114 Sec 4 states DH Group 24 strength is about equal to a modular key that is 2048-bits long, that is not strong enough to protect 128 or 256-bit AES, you should stay away from 24.

ecp256       Group 19 (256 bit ECP)
ecp384       Group 20 (384 bit ECP)
ecp521       Group 21 (521 bit ECP)
modp1024     Group 2 (1024 bit modulus) **Avoid**
modp1024s160 Group 22 (1024 bit modulus, 160 bit POS)
modp1536     Group 5 (1536 bit modulus) **Avoid**
modp2048     Group 14 (2048 bit modulus) **Avoid if possible**
modp2048s224 Group 23 (2048 bit modulus, 224 bit POS)
modp2048s256 Group 24 (2048 bit modulus, 256 bit POS) **Avoid**
modp3072     Group 15 (3072 bit modulus)
modp4096     Group 16 (4096 bit modulus)
modp6144     Group 17 (6144 bit modulus)
modp768      Group 1 (768 bit modulus) **Avoid**
modp8192     Group 18 (8192 bit modulus)

My Standard

The way I normally set up VPNs is as follows

Phase I

2020-01-07_23-39-07.png

Phase II

2020-01-07_23-39-50.png

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • 1. High-Level Overview The FortiGate Wireless Intrusion Detection System... Full Story

  • What MIMO Actually Does Multiple Input, Multiple Output (MIMO)... Full Story

  • A practitioner's tour of the diagnose, test, and fnsysctl... Full Story