• Diffie Hellman

    • Diffie Hellman key exchange is a mathematical method to securely derive a common key using the information shared through a public channel.
    • The common key derived can then be used for symmetric encryption.
    • Though the name contains the term key exchange, there is not actual exchange. The two participants compute the same key at the end of the handshake.
    • Consider two actors Alice and Bob.
    • Alice wants to contact Bob.
    • Bob sends out Diffie Hellman parameters to Alice (this is the information shared over the public channel mentioned above).
    • The public parameters shared contains:
      • a large prime number (p)
      • a generator (g)
      • 0<g<p
    • Though we have shared p,g,A,B through a public channel, it is hard to derive back the private variables/keys a and b.
    • mod p makes it hard to bruteforce the private keys because g^a mod p ends up in a cycle of 0 to p-1 and we don’t exactly know how many times it got wrapped around the ring.
    • Attack on Diffie Hellman

      • Vanilla Diffie Hellman is prone to MITM.
      • Though the private keys and the shared key cannot be derived by a third party, a third actor can sit in between Alice and Bob and pretend to be Alice when talking to Bob and Bob when talking to alice.
      • While the third actor is pretending to be someone they are not, they also perform diffie hellman with both the parties.
      • This lets the third party to decrypt all the communication.
      • This can happen provided if the actor controls communication over the public channel.
      • Diffie Hellman provides a mechanism to derive a shared key but the provide any authentication to communication parties.
  • ECDSA
  • AES-CBC
  • HMAC
  • SHA256
  • OpenSSL?? can do but an over kill according to NearDrop
  • ukey2 google’s own key exchange protocol