
[About] Diffie Hellman Key Exchange ?

Discussion on [About] Diffie Hellman Key Exchange ? within the CO2 Private Server forum part of the Conquer Online 2 category.

Reply
 
Old   #1
 
Healian's Avatar
 
elite*gold: 0
Join Date: Apr 2012
Posts: 92
Received Thanks: 4
[About] Diffie Hellman Key Exchange ?

I understand that the DH key exchange is a method to share a secret in a public network without anyone else getting to know the secret ...

But the question here:

If I have

Quote:
PC1: P=41, G=35, X=9
PC2: P=41, G=35, X=24

Step 1 (PC1): 35^9 % 41 = 22 (Sent to PC2)
Step 2 (PC2): 22^24 % 41 = 18 (Not Sent)
Step 3 (PC2): 35^24 % 41 = 16 (Sent to PC1)
Step 4 (PC1): 16^9 % 41 = 18 (Not Sent)

PC1: PubKey = 22, SecretKey = 18
PC2: PubKey = 16, SecretKey = 18
What would we benefit from knowing the secret key if we cannot send it again to make sure that this is the same secret key as the other one? The third guy would send me an 18 too ...

How would the client\server know that their secret keys are identical to each other?

(PC1 knows that the secret is 18, PC2 knows that the secret is 18 ... so what then?)

And as I read, reversing the secret key is very hard, so how would anyone use the DH key to bypass encryption? How does this work?

I may have misunderstood, so please help.
Healian is offline  
Old 06/15/2012, 23:14   #2
 
elite*gold: 21
Join Date: Jul 2005
Posts: 9,193
Received Thanks: 5,376
I'm a little lost as to what exactly you are asking but I'll do my best to help...

When writing a server, you need to perform a DH Exchange so that both client and server are using the same key for their encryption. This allows them to communicate properly.

You mention reversing the secret key though... You aren't 'reversing' it when dealing with a Client/Server setup... you're for all intents and purposes sharing it securely over an unsecured connection. You're using two pieces of known information to generate an unknown piece of information on the other end.


On the other hand, if you're referring to reversing this key in terms of intercepting traffic... you need to be performing a man in the middle attack for something like a proxy.

Basically you trick the client into connecting to your proxy which then handles the server connection itself. In this case you don't need to know much of the information being exchanged... you simply imitate the server response to the client and imitate the client response to the server using your own keys.



Sorry for my post being scattered. You don't use the DHKey to bypass encryption at all... you use it to initialize the encryption.

If you want to bypass encryption, you have to hook into the client and essentially overwrite the encryption... or you could just overwrite the dhkey exchange sequence so that it uses the old version which is very well documented to allow you to set up your CAST encryption.
pro4never is offline  
Old 06/15/2012, 23:23   #3
 
Healian's Avatar
 
elite*gold: 0
Join Date: Apr 2012
Posts: 92
Received Thanks: 4
I read about the DH key because I want my source to run on the 5572 client.

While I was reading, I wondered what the benefit of the DH key is for encrypting data. Let's assume that

you and I chose the prime number 5 and an integer which is less than 5, let's say 3.

So P=5 | G=3

Then I made up a secret number X in my mind, and you did too. Then we began the process and ended up with numbers. How could you make sure that the number I got is the same as yours, so you can know that the person you are talking to is me?


Or did I misunderstand, and the DH key is not used for ask\acknowledge?
Healian is offline  
Old 06/16/2012, 00:03   #4
 
elite*gold: 21
Join Date: Jul 2005
Posts: 9,193
Received Thanks: 5,376
DHKey does not encrypt anything... it's how you set up your game encryption.

Game encryption needs a key. DHExchange is how that key is 'securely' communicated between the client and server to set up that encryption.

This exchange is a ONE time exchange PER CLIENT. The key is not the same between various clients which connect to the server. That's why the exchange is needed, to transmit that key between client and server.


To use the new encryption... you need to update your exchange packets so that you can pull out the public key, then you need to run it through a MD5 hash (as it's now further secured thanks to clientless bots), you then use it to initialize your CAST encryption.

Gratz! you now have the encryption set up for a current client and can continue on through normal packet structuring/sequences to update your source to current patch!
pro4never is offline  
Old 06/16/2012, 00:13   #5
 
Healian's Avatar
 
elite*gold: 0
Join Date: Apr 2012
Posts: 92
Received Thanks: 4
Don't gratz me, because I can't do what you said. I think I failed... Can you look at my thread?



You may have a solution for me, because I'm really very disappointed.
Healian is offline  
Old 06/16/2012, 04:17   #6
 
elite*gold: 0
Join Date: Jun 2009
Posts: 787
Received Thanks: 314
Their secret keys are mathematically guaranteed to be the same, they don't have to "figure out" that they are the same for each other (g^(a * b) mod p is the same as g^(b * a) mod p because b * a = a * b). The secret number is then fed to the real encryption to do the work. People can "bypass" the encryption with bots because they hear the message sending g^x mod p from each side so they can create their own secret key.
_tao4229_ is offline  
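
How two sides can check that they hold the same secret without ever sending it, using the numbers from post #1 (P=41, G=35, X=9, X=24). This is an added example, not code from the thread or from any Conquer source. The key-confirmation MAC, the SHA-256 key derivation, the function names and the tampered value 17 are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Toy parameters from the thread (far too small for real use).
P, G = 41, 35

def dh_public(x, p=P, g=G):
    """Public value g^x mod p; this is what goes over the wire."""
    return pow(g, x, p)

def dh_shared(peer_public, x, p=P):
    """Shared secret peer_public^x mod p; this is never sent."""
    return pow(peer_public, x, p)

def session_key(shared):
    """Hash the shared integer into a fixed-size symmetric key (assumed KDF)."""
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()

def confirm_tag(key, role, pub_a, pub_b):
    """Key-confirmation MAC over the sender's role and both public values."""
    msg = f"{role}|{P}|{G}|{pub_a}|{pub_b}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def handshake(x1, x2, tamper_b=None):
    """Run PC1 <-> PC2. tamper_b (constructed) replaces PC2's public value
    in transit. Returns (PC1 secret, PC2 secret, PC1 accepts PC2's tag)."""
    a, b = dh_public(x1), dh_public(x2)
    b_seen = b if tamper_b is None else tamper_b   # what PC1 actually receives
    s1, s2 = dh_shared(b_seen, x1), dh_shared(a, x2)
    # PC2 proves knowledge of the key by MACing the transcript it saw.
    tag_from_pc2 = confirm_tag(session_key(s2), "PC2", a, b)
    # PC1 recomputes the tag from its own key and its own view of the transcript.
    expected = confirm_tag(session_key(s1), "PC2", a, b_seen)
    return s1, s2, hmac.compare_digest(tag_from_pc2, expected)

if __name__ == "__main__":
    print(handshake(9, 24))               # (18, 18, True)
    print(handshake(9, 24, tamper_b=17))  # (26, 18, False)
```

A matching tag shows only that both ends derived the same key, not who the other end is. That is why the proxy described in post #2 works against an exchange whose public values are not authenticated, and why real protocols sign or otherwise authenticate those values.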