Tom,

It's all about performance. Public key encryption/decryption such as DH is about 100-1000 times slower than the same process using shared key cryptography (it has to do with the type of algorithms required). Given this, the standard modus operandi is for two hosts to use public key cryptography to set up the shared key and then use shared key algorithms such as 3DES to achieve the best possible throughput for the least number of CPU cycles on each host.
HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Monte
Sent: Tuesday, April 16, 2002 5:01 AM
To: [EMAIL PROTECTED]
Subject: silly encryption question [7:41583]

I am studying for my MCNS test. The Cisco Press book says that Diffie-Hellman public key encryption is used to create a secure channel to exchange DES private keys for data encryption. If Diffie-Hellman is secure enough to transfer the DES private keys, why not use it to transfer the data? This seems silly and needlessly complex. Can someone explain this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41603&t=41583
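The pattern described in the reply above, as an added example that is not part of the original thread: two hosts run one Diffie-Hellman exchange to agree on a key, then protect the data with a symmetric operation, and `cost_ratio()` measures how much more one public key operation costs than one symmetric block. The modulus `P`, generator `G`, all function names and the SHA-256 keystream (a standard-library stand-in for 3DES) are assumptions made for the demonstration.

```python
import hashlib
import secrets
import timeit

# Assumed demo parameters, not from the thread and not a standardized group:
# P is the Mersenne prime 2**1279 - 1. Real deployments use vetted groups.
P = 2**1279 - 1
G = 3

def dh_keypair():
    """One host's (private, public) pair: the slow public key step."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_session_key(priv, peer_pub):
    """Each host combines its private value with the peer's public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate peer public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(160, "big")).digest()

def stream_xor(key, data):
    """Stand-in for the bulk cipher (3DES in the thread): SHA-256 counter
    keystream XORed with the data. Illustration only: no nonce, no integrity."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def hybrid_exchange(message):
    """Key agreement once, then symmetric encryption for all the data."""
    a_priv, a_pub = dh_keypair()           # host A
    b_priv, b_pub = dh_keypair()           # host B
    key_a = dh_session_key(a_priv, b_pub)  # only a_pub and b_pub cross the wire
    key_b = dh_session_key(b_priv, a_pub)
    ciphertext = stream_xor(key_a, message)
    return key_a == key_b, ciphertext, stream_xor(key_b, ciphertext)

def cost_ratio(rounds=5):
    """Best-of-N time for one modular exponentiation divided by the time for
    one 32-byte symmetric block (measured over 1 KiB)."""
    priv, pub = dh_keypair()
    public = min(timeit.repeat(lambda: pow(pub, priv, P), number=1, repeat=rounds))
    bulk = min(timeit.repeat(lambda: stream_xor(b"k" * 32, b"x" * 1024), number=1, repeat=rounds))
    return public / (bulk / 32)
```

The exact ratio depends on the machine, the modulus size and the symmetric primitive, so treat the measured number as an order-of-magnitude indication only.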

