Questions tagged [diffie-hellman]

The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol. U.S. Patent 4,200,770, from 1977 (now expired), describes the algorithm and credits Hellman, Diffie, and Merkle as inventors. DH is one of the earliest practical examples of public key exchange in cryptography and provides the basis for a variety of authenticated protocols. For example, DH is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite). The Diffie–Hellman key agreement was followed shortly afterwards by RSA, an implementation of public key cryptography using asymmetric algorithms.

280 questions
33 votes, 2 answers

What is the current security status of Diffie-Hellman key exchange?

There is a web site weakdh.org, whose name alone would certainly cause some feeling of uncertainty in using DH among people who are not experts IMHO. Could some knowledgeable person kindly say something of the current security status of DH, i.e.…
Mok-Kong Shen
18 votes, 2 answers

DH parameters recommended size?

I'm setting up EAP-TLS on my wireless router, and am currently generating DH parameters for FreeRADIUS. First, what do these parameters do? Also, what size should they be? I've been generating the current parameters for some time: openssl dhparam…
Naftuli Kay
10 votes, 2 answers

Is there a key length definition for DH or DHE?

I found this in wiki The Finite Field Diffie-Hellman algorithm has roughly the same key strength as RSA for the same key sizes. The work factor for breaking Diffie-Hellman is based on the discrete logarithm problem, which is related to the integer…
Zack
8 votes, 1 answer

Do Diffie-Hellman parameters need to be recreated regularly?

Having generated 2048-bit DH params, do I need to regenerate them regularly? If so, how frequently should I do this?
Roger Lipscombe
5 votes, 2 answers

Should Diffie-Hellman parameters be unique to a vhost?

So I'm setting up one host to serve multiple SSL sites. I've been following various guides like https://cipherli.st/ and https://wiki.mozilla.org/Security/Server_Side_TLS and they both suggest to specify diffie-hellman parameters to get forward…
5 votes, 10 answers

Why not use symmetric encryption?

Something very simple: most of us communicate most of the time with people we already know. Alice and Bob probably have physical contact, too. Yes, there are cases when whistle-blowers want to contact journalists for the first time, but that’s not…
Peter
3 votes, 1 answer

Cipher suites vulnerable to logjam

The following is a list of ciphers, how to know which ciphers are vulnerable to LogJam attack? Client shared list of ciphers: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA…
Prem M
2 votes, 3 answers

Understanding Diffie-Hellman key exchange

I understand the diagram up till the point where Bob and Alice do a "Public transport" of their respective mixture. I am wondering how Bob and Alice know what secret colour to add (circled picture) to get the Common secret.
Computernerd
2 votes, 2 answers

How secure is Samy Kamkar's Anti-MITMA Diffie-Hellman Key Exchange Technique?

I'm currently using Diffie-Hellman to encrypt data sent across an arbitrary link (can be Ethernet, Wi-Fi, USB, Bluetooth, etc.), and I'm not a huge fan of the potential that DH is vulnerable to an active MITMA. I came across Samy Kamkar's Anti-MITMA…
Sal Rahman
1 vote, 0 answers

How to generate DSA keypair for browserID

As a bit of a learning exercise, I'm trying to understand and implement a client for the Firefox Accounts Browser sync API. I'm up to the point where I'm trying to ask the server to give me a certificate validating my public…
Glenjamin
1 vote, 1 answer

Different Diffie–Hellman key per site?

I recently put each of my sites through the ssl labs analyzer and now have them all running with an A+ getting perfect scores with every metric except Key Exchange at 90. As part of this I have globally set my Nginx server to use a dhparams.pem file…
David Baucum
1 vote, 2 answers

How to Perform Encryption after Diffie Hellman Key Exchange

This feels like a silly question, but a cursory look around the internet hasn't exactly helped. I'm implementing 1-out-of-2 oblivious transfer using DH key exchange in Python. I have successfully performed DH to get the symmetric key on both sides…
jkovba
0 votes, 1 answer

Is encrypting and subsequently sending a known cleartext string after a Diffie-Hellman bad design?

I'm writing a small protocol that relies on a DH handshake, generation of a shared secret, and subsequent AES encryption/decryption using that generated secret. I want to add a built-in test message after the handshake to ensure both clients are…
jpalm
0 votes, 0 answers

Question about Diffie-Hellman key exchange

It is known that there is a man-in-the-middle attack on the Diffie-Hellman key exchange protocol in which the adversary generates two public-private key pairs for the attack. Could the same attack be accomplished with one pair? Thank you.
0 votes, 1 answer

In Diffie-Hellman, why is the shared secret guaranteed to be the same?

In general, I understand the principle of Diffie-Hellman key exchange. What I don't understand is what is so fundamental about primitive roots modulo p that guarantees that the shared secret is the same. I'll use the notation similar from the…
michael b