
Nonces and Cookies

Hello All,

I would like to know the usage of nonces other than the fact that they are exchanged in messages 3 and 4 and used for the SKEYID creation, which also uses the DH derived key g^xy. I know for a fact that it prevents replay attacks, but that's if no one sniffed messages 3 and 4, because there is no encryption there. As per RFC 2409, below is a sample example of authentication with a pre-shared key:

HDR, SA                 -->
                        <--    HDR, SA
HDR, KE, Ni             -->
                        <--    HDR, KE, Nr
HDR*, IDii, HASH_I      -->
                        <--    HDR*, IDir, HASH_R

As you can see, if someone is sniffing from the start, he will know the nonces, and yes, sequence numbers will prevent anti replay attacks, OK, but am I explaining it correctly up to this point? Please correct me if I am wrong.


Another thing: in messages 5 and 6, messages are encrypted with SKEYIDe and, for example, AES, and hashed using SHA and SKEYIDa. I noticed that while calculating those values we have a value called cookies, so what are the cookies, what is their usage, and where can I find them in a Wireshark capture?


Also, for the hashes exchanged in messages 5 and 6: they are exchanged as per the RFC, except for signature authentication, where we sign the HASH values for each by using the certificate private key and send the certificate with the public key to decrypt the signature.


Please correct me if I am wrong and sorry for the long post.


Appreciate anyone's contribution!

Best Regards,
Dawoud
CCNP NSE4 CEH
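
The RFC 2409 pre-shared-key derivation the post asks about, as an added example that is not part of the original post: it shows where the nonces and the two cookies enter SKEYID, SKEYID_d/_a/_e and HASH_I, and that SKEYID is keyed by the pre-shared key rather than by anything sent in the clear. The header bytes, PSK, nonces and DH values are constructed sample inputs, and HMAC-SHA1 is assumed as the negotiated prf.

```python
import hashlib
import hmac

# Constructed 28-byte ISAKMP header (not from a real capture).
SAMPLE_HEADER = bytes.fromhex(
    "1122334455667788"  # initiator cookie (CKY-I)
    "99aabbccddeeff00"  # responder cookie (CKY-R)
    "04100200"          # next payload=KE, version 1.0, Main Mode, flags
    "00000000"          # message ID (0 in phase 1)
    "0000001c"          # total length
)

def prf(key, data):
    """RFC 2409 prf: HMAC of the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def cookies_from_header(header):
    """RFC 2408: bytes 0-7 are CKY-I, bytes 8-15 are CKY-R."""
    return header[:8], header[8:16]

def derive_psk_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """Pre-shared-key derivation from RFC 2409 section 5."""
    skeyid = prf(psk, ni + nr)  # keyed by the secret PSK, not by the nonces
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    """HASH_I of message 5; HASH_R swaps the g^x and cookie order, uses IDir_b."""
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

if __name__ == "__main__":
    cky_i, cky_r = cookies_from_header(SAMPLE_HEADER)
    # Stand-in byte strings: no real DH exchange is performed here.
    keys = derive_psk_keys(b"example-psk", b"\x01" * 16, b"\x02" * 16,
                           b"\x05" * 128, cky_i, cky_r)
    for name, value in keys.items():
        print(name, value.hex())
```

The cookies are the first 16 bytes of every ISAKMP header, so they are visible in a capture of any of the six Main Mode messages.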