Brain Dump

Key Agreement Protocol

Tags
security networking

A key agreement protocol is an implementation of perfect forward secrecy in which both the client and recipient contribute to the creation of a secure session key.

The general algorithm for a sender/receiver pair of Alice/Bob is:

  1. Alice & Bob declare and share two numbers between themselves.

    • A large prime number $p$, and
    • A number $g$, $1 < g < p$.

    These don't need to be secret so they can be sent over an unsafe channel.

  2. Both Alice and Bob now independently pick some random number $a$ and $b$ respectively.

  3. Alice sends Bob $g^a \pmod{p}$

  4. Bob sends Alice $g^b \pmod{p}$

  5. Both Alice and Bob now calculate $S = (g^b \bmod p)^a = (g^a \bmod p)^b = g^{ab} \bmod p$. $S$ is the secret session key used to secure correspondences between Alice and Bob.

This algorithm is secure so long as the discrete log problem remains hard to solve.
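
The exchange in steps 1 to 5, written out as an added example (not code from the original page). The parameters `P` and `G`, the function names, and the range check on the peer's public value are assumptions made for illustration; `P` is a demonstration prime, not a vetted group.

```python
import secrets

# Constructed demonstration parameters (assumptions, not from the page).
# P is the Mersenne prime 2**521 - 1; it is NOT a vetted group, and real
# deployments use standardized safe-prime groups instead.
P = 2**521 - 1
G = 3


def keypair(p, g):
    """Steps 2-4: pick a random private exponent and derive the public value."""
    if not 1 < g < p:
        raise ValueError("g must satisfy 1 < g < p")
    private = secrets.randbelow(p - 3) + 2  # uniform in 2 .. p-2
    return private, pow(g, private, p)


def shared_secret(peer_public, private, p):
    """Step 5: S = peer_public^private mod p.

    Added check: 0, 1 and p-1 (and anything outside the field) are rejected,
    because they force S into a value an eavesdropper can predict.
    """
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def run_exchange(p=P, g=G):
    """Run both sides locally and return (Alice's S, Bob's S, g^(ab) mod p)."""
    a, alice_public = keypair(p, g)  # Alice keeps a, sends g^a mod p
    b, bob_public = keypair(p, g)    # Bob keeps b, sends g^b mod p
    s_alice = shared_secret(bob_public, a, p)
    s_bob = shared_secret(alice_public, b, p)
    return s_alice, s_bob, pow(g, a * b, p)


if __name__ == "__main__":
    s_alice, s_bob, s_direct = run_exchange()
    print("secrets match:", s_alice == s_bob == s_direct)
```

Nothing in this exchange proves who sent a public value, so the range check only filters degenerate inputs; it does not authenticate the peer.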

Vulnerabilities

This protocol is still vulnerable (see page 39) to man-in-the-middle attacks.