It appears that the textbook version of Diffie-Hellman is susceptible to a man-in-the-middle attack, and the use of digital signatures could prevent this attack from occurring.
Digital signatures could be implemented during the Diffie-Hellman key exchange in the following way:
Alice has a pair of public/private keys (SKa, PKa).
Bob has a pair of public/private keys (SKb, PKb).
Alice generates her secret key Ka and uses her private key SKa to sign (g^Ka) to produce signature s(m).
Alice uses Bob's public key PKb to encrypt her secret key Ka.
Alice sends the encrypted Ka and s(m) over to Bob.
Bob will use his private key SKb to decrypt the encrypted Ka to get C and use Alice's public key PKa on s(m) to get D.
Bob authenticates by ensuring that C == D.
I have three questions with regard to this:
Is this how authenticated Diffie-Hellman key exchange using digital signatures is normally done? If not, how is it normally done?
Why do we bother with this form of key exchange, where the sender and receiver must send their keys to each other before using the combined key, when we can just encrypt the key using the sender's private key followed by the receiver's public key and send it to the other party?
Are there any flaws with my implementation of authenticated Diffie-Hellman key exchange?
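
The idea in the opening sentence, signing the Diffie-Hellman public values so that a value substituted in transit is rejected, shown as an added example that is not part of the original post and is not the exact scheme listed above. The toy parameters (Mersenne primes, unpadded hash-then-sign RSA, base 3) and all function names are assumptions for illustration only.

```python
import hashlib
import secrets

# Toy parameters (assumptions for illustration, not secure choices).
P = 2**127 - 1          # DH modulus: a Mersenne prime
G = 3                   # DH base (assumed)
E = 65537               # RSA public exponent

def rsa_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) for textbook RSA."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(value, n):
    """Hash a DH public value to an integer below n."""
    data = value.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(value, sk):
    n, d = sk
    return pow(digest(value, n), d, n)

def verify(value, sig, pk):
    n, e = pk
    return pow(sig, e, n) == digest(value, n)

def dh_share():
    """Pick an ephemeral secret and return (secret, g^secret mod P)."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def accept(peer_value, peer_sig, peer_pk, my_secret):
    """Derive the shared key only if the peer's signature checks out."""
    if not verify(peer_value, peer_sig, peer_pk):
        return None
    return pow(peer_value, my_secret, P)

# Long-term signing keys (PKa, SKa) and (PKb, SKb), built from Mersenne primes.
PKA, SKA = rsa_keypair(2**89 - 1, 2**107 - 1)
PKB, SKB = rsa_keypair(2**61 - 1, 2**127 - 1)

def demo():
    ka, A = dh_share()                      # Ka never leaves Alice
    kb, B = dh_share()
    key_a = accept(B, sign(B, SKB), PKB, ka)
    key_b = accept(A, sign(A, SKA), PKA, kb)
    # A value changed in transit no longer matches Alice's signature.
    swapped = accept((A + 1) % P, sign(A, SKA), PKA, kb)
    return key_a, key_b, swapped
```

Signing only one's own value does not stop replay of an old signed value; deployed protocols sign both public values or the whole transcript, and use a vetted library with padded signatures.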