
List:       openssl-users
Subject:    Re: OpenSSL: exchanging DH parameters
From:       Prakash babu <jprakashbabutest () yahoo ! co ! in>
Date:       2004-01-28 9:22:53
Message-ID: 20040128092253.27589.qmail () web8303 ! mail ! in ! yahoo ! com

Hi,

I would suggest having a copy of the same DH params beforehand rather than exchanging them during the key exchange process, because exchanging the key values always exposes you to the man-in-the-middle problem.

The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants.

Reference:

http://www.hack.gr/users/dij/crypto/overview/diffie.html
 
regards,
Prakash Babu
www.visolve.com
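
The substitution described in the reply above, modelled in Python as an added example (not code from this thread or from OpenSSL). Two things the thread leaves implicit are made explicit here: the "DH params" Olia asks about are the group (p, g), whereas the attack Prakash quotes targets the per-session public values, and the fix is to authenticate those values. The authentication shown uses an HMAC under a key Alice and Bob agreed on beforehand, which is my choice for the illustration (TLS achieves the same with certificates and signatures); the group, the function names and the pre-shared key are all constructed for the demo, and the 127-bit prime is far too small for real use.

```python
"""Toy walk-through of the man-in-the-middle substitution described in the
reply, and of one way to close it. Added example; not code from the thread
or from OpenSSL. The group below is constructed for illustration only."""
import hashlib
import hmac
import secrets

# Constructed toy group: p = 2^127 - 1 is prime and g = 5. Far too small for
# real use; a deployment would load a vetted parameter set of 2048 bits or more.
P = 2**127 - 1
G = 5


def keypair(priv=None):
    """Return (private exponent, public value g^priv mod p).
    A fixed exponent may be passed in to make a run reproducible."""
    if priv is None:
        priv = secrets.randbelow(P - 3) + 2  # 2 .. p-2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P)


def unauthenticated_exchange(a=None, b=None, c=None):
    """Alice and Bob send bare public values; Carol, sitting on the wire,
    replaces each with her own. Returns the key every party computes."""
    a, pub_a = keypair(a)
    b, pub_b = keypair(b)
    c, pub_c = keypair(c)
    # Carol intercepts pub_a and forwards pub_c to Bob; she intercepts pub_b
    # and forwards pub_c to Alice. Neither side can tell from the values alone.
    return {
        "alice": shared_secret(a, pub_c),
        "bob": shared_secret(b, pub_c),
        "carol_with_alice": shared_secret(c, pub_a),
        "carol_with_bob": shared_secret(c, pub_b),
    }


def auth_tag(auth_key, role, pub):
    """HMAC over the sender's role, the pinned group (p, g) and the public value,
    so a substituted value or a swapped group fails verification."""
    msg = b"|".join([role.encode(), str(P).encode(), str(G).encode(), str(pub).encode()])
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def verify_tag(auth_key, role, pub, tag):
    return hmac.compare_digest(auth_tag(auth_key, role, pub), tag)


def authenticated_exchange(auth_key, interpose=False, a=None, b=None, c=None):
    """Same exchange, but each public value travels with an HMAC under a key
    Alice and Bob agreed on beforehand (constructed stand-in for the
    certificate-based authentication TLS uses). Returns (alice_key, bob_key)
    when both sides accept what they received, or None when a tag check fails."""
    a, pub_a = keypair(a)
    b, pub_b = keypair(b)
    from_alice = (pub_a, auth_tag(auth_key, "alice", pub_a))
    from_bob = (pub_b, auth_tag(auth_key, "bob", pub_b))
    if interpose:
        # Carol swaps in her own value but, lacking auth_key, can only forward
        # the original tags, which no longer match the values they accompany.
        _, pub_c = keypair(c)
        from_alice = (pub_c, from_alice[1])
        from_bob = (pub_c, from_bob[1])
    pub_for_bob, tag_for_bob = from_alice
    if not verify_tag(auth_key, "alice", pub_for_bob, tag_for_bob):
        return None  # Bob rejects the value claiming to come from Alice
    pub_for_alice, tag_for_alice = from_bob
    if not verify_tag(auth_key, "bob", pub_for_alice, tag_for_alice):
        return None  # Alice rejects the value claiming to come from Bob
    return shared_secret(a, pub_for_alice), shared_secret(b, pub_for_bob)


if __name__ == "__main__":
    keys = unauthenticated_exchange()
    print("unauthenticated: Alice and Bob agree?", keys["alice"] == keys["bob"])
    print("  Carol holds Alice's key:", keys["alice"] == keys["carol_with_alice"])
    print("  Carol holds Bob's key:  ", keys["bob"] == keys["carol_with_bob"])
    k = b"constructed-preshared-auth-key"
    print("authenticated, no attacker:", authenticated_exchange(k) is not None)
    print("authenticated, Carol interposed:", authenticated_exchange(k, interpose=True))
```

Running the script shows the two outcomes side by side: without authentication Alice and Bob end up with different keys, each of which Carol also holds; with the tags in place either side rejects a substituted value before any key is derived. Pinning the group in the tag mirrors the reply's advice to ship the same DH params to both ends rather than negotiate them on the wire.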

 
 

Olia Kerzhner <oliakerzhner@yahoo.com> wrote:
Hi all,
I have a question about DH parameters. From what I
understand, they can either be exchanged during key
exchange, or both Server and Client can have a copy of
the same DH params before hand.
Which way is better -- more efficient and more secure?
Since I'm coding both the Server and the Client, I
could easily have a copy available on each.

Also, do the DH params ever need to change? In other
words, is it OK to use the same DH params for years,
or is that a security hole?

thanks for your help,
Olia

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org