Questions tagged [diffie-hellman]

The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.

U.S. Patent 4,200,770, from 1977 (now expired), describes the algorithm and credits Hellman, Diffie, and Merkle as inventors. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography and provides the basis for a variety of authenticated protocols. For example, DH is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite). The Diffie–Hellman key agreement was followed shortly afterwards by RSA, an implementation of public key cryptography using asymmetric algorithms.

267 questions
294
votes
11 answers

"Diffie-Hellman Key Exchange" in plain English

Can someone explain what the Diffie-Hellman Key Exchange algorithm is in plain English? I have read that Twitter has implemented this technology which allows two parties to exchange encrypted messages on top of a non-secured channel. How does that…
user15119
130
votes
4 answers

Is there any particular reason to use Diffie-Hellman over RSA for key exchange?

I often see RSA being recommended as a method of key exchange. However, the Diffie-Hellman key exchange method appears to be secure as well. Are there any considerations one should take into account that would lead to using one algorithm over the…
user10211
124
votes
3 answers

What's the purpose of DH Parameters?

For a Diffie–Hellman (D-H) key exchange (TLS) the server generates a prime p and a generator g, which is a primitive root modulo p. When setting up a webserver with SSL/TLS (e.g. nginx) one can use a directive ssl_dhparam dhparam4096.pem The…
Ben Richard
108
votes
6 answers

Why can't I MitM a Diffie-Hellman key exchange?

After reading the selected answer of "Diffie-Hellman Key Exchange" in plain English 5 times I can't, for the life of me, understand how it protects me from a MitM attack. Given the following excerpt (from tylerl's answer): I come up with two prime…
85
votes
4 answers

What is Logjam and how do I prevent it?

I heard there is a "new" TLS vulnerability named Logjam, what does it do and how do I prevent it?
Arperum
73
votes
2 answers

Diffie Hellman parameters still calculating after 24 hours

I have a fresh install of Arch Linux on a RaspberryPi model B. I'm setting up OpenVPN and using easy-rsa with OpenSSL 1.0.2d to generate initial keys and certificates. All went fine until I ran ./build-dh (script here). It was 24 hours later when I…
kgizdov
53
votes
2 answers

Decrypting TLS in Wireshark when using DHE_RSA ciphersuites

How can I decrypt TLS messages when an ephemeral Diffie-Hellman ciphersuite is used? I am able to expose the premaster secret and master secret from the SSL Client. Using that, how to decrypt the messages in Wireshark?
Kalai
49
votes
4 answers

Why is key exchange necessary at all?

Let's say "Alice" and "Bob" want to communicate with each other over an insecure network. Using Diffie–Hellman key exchange, they can get the same symmetric key at last. However, as I understand, they do not have to get the same symmetric key at…
Firegun
43
votes
2 answers

Diffie-Hellman and its TLS/SSL usage

I'm struggling to understand the (non-)use of Diffie-Hellman (DH) in TLS. DH has been around for a long time now, why does almost nobody use it, yet? DH is only being used for "key sharing", why does nobody use the DH secret to encrypt everything?…
David Halter
40
votes
6 answers

What is the simplest safe way to convey a password to another person?

What is the easiest way for two people – neither of whom are computer specialists and cannot meet in person – to send a password for an encrypted file that is attached to an email? The two simplest methods are these: telephone the other person and…
Peter
37
votes
4 answers

Can someone explain what exactly is accomplished by generation of DH parameters?

I'm setting up a node.js server: https.createServer({ ... ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH', honorCipherOrder: true }, app).listen(443); This is able to achieve an SSLLabs A rating, which…
Steven Lu
33
votes
2 answers

What is the current security status of Diffie-Hellman key exchange?

There is a web site weakdh.org, whose name alone would certainly cause some feeling of uncertainty in using DH among people who are not experts IMHO. Could some knowledgeable person kindly say something of the current security status of DH, i.e.…
Mok-Kong Shen
30
votes
3 answers

How to check if a server is not vulnerable to Logjam?

In response to Logjam I want to prove I've hardened my services. I know that the DH param has to be 2048 bits at least and self generated. But I am unable to find a way to actually check this for something other than an HTTPS site. (that I can do…
LvB
29
votes
2 answers

Extract pre-master keys from an OpenSSL application

Consider an application using OpenSSL which has a bug. A packet capture of the full SSL session is available, as well as a core dump and debugging symbols for the application and libraries. A RSA private key is also available, but since a DHE cipher…
Lekensteyn
27
votes
3 answers

How does non-ephemeral Diffie-Hellman key exchange become compromised in SSL when the RSA private key is leaked?

From my understanding, one of the major reasons we recommend Diffie-Hellman Ephemeral (e.g. DHE or ECDHE) over non-ephemeral DH, for SSL / TLS, is that compromise of the RSA private key (i.e. private certificate) would allow an attacker to decrypt…
Polynomial