Difference between revisions of "DH"
From Hackepedia
Revision as of 23:27, 10 October 2005
Diffie-Hellman is a public-key key-agreement protocol published in 1976 by two Americans, Whitfield Diffie and Martin Hellman. It is not a cipher itself: the two ends of a communication exchange data and agree mathematically on a common secret, which is then used as the key for a symmetric cipher.
Here is what a Diffie-Hellman exchange looks like. "Peers" means the two endpoints of a two-way communication. This method alone, with nothing authenticating the exchanged values, is susceptible to a man-in-the-middle attack:
In OpenSSL, struct DH (struct dh_st) holds, among other members:
- BIGNUM *p;        (the prime modulus)
- BIGNUM *g;        (the generator)
- BIGNUM *pub_key;  (this peer's public key)
- BIGNUM *priv_key; (this peer's private key)
1. The first peer generates the parameter p, a large prime that is also a safe prime, meaning that (p - 1) / 2 is prime as well. It also picks g, which OpenSSL calls the generator and which is usually the constant 2 or 5 (both small primes).
2. It then shares p and g with the second peer, which fills them into its own struct DH.
3. The first peer now generates her private key and public key, and shares the public key with the second peer.
4. Given p and g, the second peer generates their own private key and public key (which differ from the first peer's) and
5. shares their public key with the first peer.
6. Given the other peer's public key, p, g, and their own private key, both peers can now compute the same shared secret.
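The six steps above, carried through end to end as an added example (this is not OpenSSL code and not from the original page). It uses pure Python arithmetic instead of OpenSSL's BIGNUM routines, so the functions gen_safe_prime, accept_params, keypair, shared_secret, run_exchange and mitm are names invented here; the 64-bit modulus is a toy size so the example runs quickly, while real deployments use a vetted group of 2048 bits or more. The mitm function shows the man-in-the-middle caveat: with nothing authenticating the public keys, each peer ends up sharing a secret with the attacker rather than with each other.

```python
"""Textbook finite-field Diffie-Hellman (added example, not OpenSSL code)."""
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits):
    """Step 1: find p with both p and q = (p - 1) / 2 prime (toy sizes only)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def accept_params(p, g):
    """Step 2, receiver side: do not trust p and g blindly. Confirm p is a safe
    prime and g is a sensible element before filling them into our own state."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2) and 1 < g < p - 1

def keypair(p, g):
    """Steps 3/4: private key x in [2, p-2], public key y = g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)

def is_valid_pub(p, y):
    """Reject 0, 1 and p-1: with a safe prime those are the only elements of
    order 1 or 2, so this range check blocks the trivial small-subgroup inputs."""
    return 1 < y < p - 1

def shared_secret(p, peer_pub, priv):
    """Step 6: validate the peer's public key, then compute peer_pub^priv mod p."""
    if not is_valid_pub(p, peer_pub):
        raise ValueError("peer public key outside (1, p-1): rejecting")
    return pow(peer_pub, priv, p)

def run_exchange(bits=64):
    """Honest run of steps 1-6. Returns (p, g, secret_at_alice, secret_at_bob)."""
    p = gen_safe_prime(bits)
    g = 2                                   # OpenSSL's DH_GENERATOR_2 choice
    assert accept_params(p, g)              # Bob checks what Alice sent (step 2)
    a_priv, a_pub = keypair(p, g)           # Alice (step 3)
    b_priv, b_pub = keypair(p, g)           # Bob (step 4)
    return p, g, shared_secret(p, b_pub, a_priv), shared_secret(p, a_pub, b_priv)

def mitm(bits=64):
    """Same protocol, but Mallory replaces both public keys in transit with her
    own. Returns (alice_secret, bob_secret, mallory_with_alice, mallory_with_bob):
    the first equals the third, the second equals the fourth, and Alice and Bob
    hold different secrets without any way to notice from the exchange alone."""
    p = gen_safe_prime(bits)
    g = 2
    a_priv, a_pub = keypair(p, g)
    b_priv, b_pub = keypair(p, g)
    m_priv, m_pub = keypair(p, g)           # Mallory's key, sent to both sides
    alice_secret = shared_secret(p, m_pub, a_priv)    # Alice thinks m_pub is Bob's
    bob_secret = shared_secret(p, m_pub, b_priv)      # Bob thinks m_pub is Alice's
    return (alice_secret, bob_secret,
            shared_secret(p, a_pub, m_priv), shared_secret(p, b_pub, m_priv))

if __name__ == "__main__":
    p, g, sa, sb = run_exchange()
    print(f"p={p} g={g} secrets match: {sa == sb}")
    a, b, ma, mb = mitm()
    print(f"MITM: alice==mallory {a == ma}, bob==mallory {b == mb}, alice==bob {a == b}")
```

The range check in is_valid_pub and the parameter check in accept_params are the two validations a practitioner adds on top of the textbook steps; the shared secret should still be run through a key-derivation function rather than used directly as a symmetric key.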