Questions tagged [key-exchange]

For questions relating to protocols for distributing public keys, and / or establishing session keys with another party. Examples of key exchange protocols include Diffie-Hellman and IKE.

A key exchange protocol is a method to construct and distribute a key among several parties, protecting it from malicious parties. A key exchange is often conducted soon after establishing a communication channel in order for the parties to agree on a session key.

Some examples of key exchange protocols are:

292 questions
417
votes
14 answers

How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?

I've often heard it said that if you're logging in to a website - a bank, GMail, whatever - via HTTPS, that the information you transmit is safe from snooping by 3rd parties. I've always been a little confused as to how this could be possible.…
Joshua Carmody
  • 4,465
  • 4
  • 15
  • 11
294
votes
11 answers

"Diffie-Hellman Key Exchange" in plain English

Can someone explain what the Diffie-Hellman Key Exchange algorithm in plain English? I have read that Twitter has implemented this technology which allows two parties to exchange encrypted messages on top of a non-secured channel. How does that…
user15119
130
votes
4 answers

Is there any particular reason to use Diffie-Hellman over RSA for key exchange?

I often see RSA being recommended as a method of key exchange. However, the Diffie-Hellman key exchange method appears to be secure as well. Is there any considerations one should take into account that would lead to using one algorithm over the…
user10211
108
votes
6 answers

Why can't I MitM a Diffie-Hellman key exchange?

After reading the selected answer of "Diffie-Hellman Key Exchange" in plain English 5 times I can't, for the life of me, understand how it protects me from a MitM attack. Given the following excerpt (from tylerl's answer): I come up with two prime…
49
votes
4 answers

Why is key exchange necessary at all?

Let's say "Alice" and "Bob" want to communicate with each other over an insecure network. Using Diffie–Hellman key exchange, they can get the same symmetric key at last. However, as I understand, they do not have to get the same symmetric key at…
Firegun
  • 503
  • 4
  • 8
34
votes
1 answer

How to implement an API-Key-Mechanism

first of all: I am quite unsure about the title of the question, so if you have a better idea, please feel free to tell (: I would like to know about best-practise examples where services (like Twitter or co) which offer APIs and want you as a…
user510083
  • 451
  • 1
  • 5
  • 5
33
votes
1 answer

What key exchange mechanism should be used in TLS?

There are many key exchange mechanisms that can be used in TLS. Among them are RSA, ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA and others. Which of these are more cryptographically secure and can be used for securing connection with web site?
Andrei Botalov
  • 5,267
  • 10
  • 45
  • 73
29
votes
1 answer

Where do I get prime numbers for Diffie-Hellman? Can I use them twice?

I realise it's very hard to generate suitable prime numbers and generators for the Diffie-Hellman key exchange. What is the best way to generate them? And if I have one, can I use it twice? According to Wikipedia, they are considered "public".
Stefano Palazzo
  • 971
  • 2
  • 11
  • 18
26
votes
1 answer

How does SSH use both RSA and Diffie-Hellman?

SSH protocol 2 allows you to use DSA, ECDSA, ED25519 and RSA keys when establishing a secure connection to a server. (Keep in mind for this question that I'm only familiar with the procedure and capabilities of RSA, and can't speak for the other…
IQAndreas
  • 6,557
  • 8
  • 32
  • 51
24
votes
1 answer

How can I verify Keybase's end-to-end encryption between me and a friend?

The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. You've read all the code in the client, or someone you trust has…
Luc
  • 31,973
  • 8
  • 71
  • 135
23
votes
1 answer

Ways to sign gpg public key so it is trusted?

I have a service through SSL which gives the user a code for a specific reason. I want to sign the code with the web server's private key (gpg --clearsign) and send the signed code along so that they can verify its origin after they leave my…
Ken Bachmann
  • 233
  • 1
  • 2
  • 4
23
votes
2 answers

Client-server encryption technique explanation (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys)

I opened a web page using https. When I looked at the page info provided by my browser (Firefox) I saw following: Connection encrypted: High-grade Encryption (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys). I got a question - what does this…
VL-80
  • 1,234
  • 1
  • 9
  • 17
22
votes
9 answers

Are there any systems out there that use a one-time pad?

I'm still new to information security, but I have read a bit about the one-time pad. The point that sticks out to me the most is that it is supposedly unbreakable. Has this method of encryption ever been incorporated in any internet web applications…
rackonnoiter
  • 339
  • 2
  • 5
21
votes
3 answers

DEK, KEK and Master key - simple explanation

This article is intended to be a simplified explanation sans drill-down for people wanting to understand these concepts/terms. What are DEK, KEK and MEK/Master key?
Erez
  • 333
  • 1
  • 2
  • 5
20
votes
3 answers

Are open wireless networks unencrypted?

When you connect to an open wireless network (that is, a wireless network without any symmetric password set) is there any sort of secure key exchange going on, or is data sent back and forth unencrypted and able to be intercepted by anyone…
IQAndreas
  • 6,557
  • 8
  • 32
  • 51
1
2 3
19 20