Diffie Hellman key exchange is a mathematical method to securely derive a common key using the information shared through a public channel.
The common key derived can then be used for symmetric encryption.
Though the name contains the term key exchange, there is no actual exchange. The two participants compute the same key at the end of the handshake.
Consider two actors Alice and Bob.
Alice wants to contact Bob.
Bob sends out Diffie Hellman parameters to Alice (this is the information shared over the public channel mentioned above).
The public parameters shared contain:
a large prime number (p)
a generator (g)
0<g<p
Though we have shared p, g, A and B through a public channel, it is hard to derive the private variables/keys a and b from them.
The mod p makes it hard to brute-force the private keys because g^a mod p ends up in a cycle of 0 to p-1 and we don't know exactly how many times it wrapped around the ring.
Attack on Diffie Hellman
Vanilla Diffie Hellman is prone to MITM.
Though the private keys and the shared key cannot be derived by a third party, a third actor can sit between Alice and Bob and pretend to be Alice when talking to Bob and Bob when talking to Alice.
While the third actor is pretending to be someone they are not, they also perform Diffie Hellman with both parties.
This lets the third party decrypt all the communication.
This can happen provided the actor controls communication over the public channel.
Diffie Hellman provides a mechanism to derive a shared key, but it does not provide any authentication of the communicating parties.
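The exchange and the missing-authentication problem described above, as an added example (not code from the original page). The toy prime, the generator 3, the function names, and the pre-shared HMAC key standing in for a real authentication mechanism such as a signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # assumption: toy Mersenne prime, far too small for real use
G = 3           # assumption: any value with 0 < g < p works for this demo

def keypair():
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Compute peer_pub^priv mod p and hash it into a 256-bit symmetric key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    """Authenticate a public value (assumption: HMAC under a pre-shared key)."""
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def verify(auth_key, pub, received_tag):
    return hmac.compare_digest(tag(auth_key, pub), received_tag)

def demo():
    a, A = keypair()  # Alice
    b, B = keypair()  # Bob
    # Honest channel: A and B cross the wire, both sides get the same key.
    honest = shared_key(a, B) == shared_key(b, A)

    # Third actor controls the channel and replaces A and B with their own M.
    m, M = keypair()
    alice_key, bob_key = shared_key(a, M), shared_key(b, M)
    intercepted = (alice_key == shared_key(m, A)
                   and bob_key == shared_key(m, B)
                   and alice_key != bob_key)

    # With authentication, Alice checks the tag before using the public value.
    auth_key = secrets.token_bytes(32)  # known only to Alice and Bob
    bob_tag = tag(auth_key, B)
    return {"honest": honest, "intercepted": intercepted,
            "genuine_accepted": verify(auth_key, B, bob_tag),
            "swapped_accepted": verify(auth_key, M, bob_tag)}

if __name__ == "__main__":
    print(demo())
```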
ECDSA
AES-CBC
HMAC
SHA256
OpenSSL?? can do, but overkill according to NearDrop