[GUIDE] Diffie Hellman Key Exchange

02/22/2010 20:35 gabrola#1

First, the Diffie Hellman (DH) Key Exchange is a cryptographic method of sharing a secret key over a public or insecure network, this key can be used to encrypt and decrypt data using symmetric key ciphers such as Blowfish as used by CO
In this guide I'll cover the basic concept on how DH works and how to generate keys.
I'll be be using two hosts/computers for my explanation, I'll refer to them as PC1 and PC2.
Now, both PC1 and PC2 need to agree on a Prime number (P) greater than 2 and an Integer (G) which is less than P. PC1 generates the P and G and sends them over to PC2, it's not a big deal if a spy or hacker gains access to the P and G, since that's the whole idea of of using DH in an insecure network. Next both PC's generate a random secret key (let's call this X) which will never be sent over the network, X also has to be less than P-1, now let's apply what we did now.
PC1 Generates P=41, G=35 and sends them over to PC2, both now have the same P and G, PC1 generates X=9, PC generates X=24, so that means:

Code:

PC1:		PC2:
P=41		P=41
G=35		G=35
X=9		X=24

Now we start getting our public keys and secret keys (that's different than random secret key X), first on PC1 we get our integer and raise it to the power of our X then we mod (modulus) by our prime number, (G^X) % P, that's now our public key, we send that public key over to PC2, now PC2 takes that public key and raises it to the power of it's own X then mod by P again, that's our Secret Key of PC2, formula (PC1_PubKey^X) % P, now we also do the same process on PC2 by generating the PC2 pub key using the same formula (G^X) % P and send it to PC1 and do the same and get the PC1 Secret Key using the formula (PC2_PubKey^X) % P, and that turns out to be the same public key as the one on PC2 without actually sending it over the network. Now even though this information was sent over a public/insecure network, the random secrets (X) were never sent over the network and that makes it extremely difficult to reverse these numbers. Now let's use my examples above.

Code:

PC1:		PC2:
P=41		P=41
G=35		G=35
X=9		X=24

PC1: (35^9) % 41 = 22, set that as public key and send over to PC2
PC2: (22^24) % 41 = 18, that's our Secret Key, now we generate a public key, (35^24) % 41 = 16, send it to PC1
PC1: (16^9) % 41 = 18, that's the same secret key as PC2

Code:

PC1:						PC2:
P=41						P=41
G=35						G=35
X=9						X=24

Step 1: 35^9 % 41 = 22 (Sent to PC2)		Step 2: 22^24 % 41 = 18 (Not Sent)
Step 4: 16^9 % 41 = 18 (Not Sent)		Step 3: 35^24 % 41 = 16 (Sent to PC1)

PubKey = 22					PubKey = 16
SecretKey = 18					SecretKey = 18

Hope you like it and don't forget a +Thanks

02/23/2010 21:36 InfamousNoone#2

I don't see why this isn't sufficient?
Diffie?Hellman key exchange - Wikipedia, the free encyclopedia

Why bother posting another explanation when there already is one?

02/23/2010 21:58 gabrola#3

Never looked at the wikipedia page, they usually don't give an easy to understand explanation, but not this time.

02/23/2010 22:48 ImFlamedCOD#4

I don't believe anything on Wikipedia because its so easy for someone to change the information and you can never be sure of its quality of material good explanation Gabby. This should help noobies understand it a little more. Or not at all.

02/24/2010 00:12 Korvacs#5

Its a good post.....but im not sure why this is neccassery.

For one thing like inf said its already documented, not only on the wiki, but on hundreds/thousands of other websites.

And for anouther, unless you wanted to completely write your own DH Key exchange, and your own Blowfish cipher, i dont really see why this information is relevant to anyone. You can use pre-made libaries to do this sort of thing, and i would imagine that they are in most cases faster than you could make them by yourself.

02/24/2010 06:30 gabrola#6

It's still useful to know how these libraries work instead of just using them

06/15/2012 15:32 Healian#7

lol your the best understanding method i ever met thx ya fla7 :P

06/17/2012 18:37 romeoromeo#8

is that means that the G and P are only known by the server ? and server will send it to clients ? or client already has the P and G ? !!!
and !! if it only known by server ? so the only way to know them is to trick the server to connect to me via proxy ... and send em to me first ? !!

06/18/2012 23:31 pro4never#9

Quote:

Originally Posted by romeoromeo

is that means that the G and P are only known by the server ? and server will send it to clients ? or client already has the P and G ? !!!
and !! if it only known by server ? so the only way to know them is to trick the server to connect to me via proxy ... and send em to me first ? !!

P and G are sent publicly over the network. Using a proxy like you describe is called a man in the middle attack and is how the conquer proxies were written.

You generate your own P/G for the server and respond to the client's P/G with your own response.

This way you have different encryption set up to go Client<->Proxy and a separate instance going Proxy<->Server.

06/19/2012 00:52 romeoromeo#10

Quote:

You generate your own P/G for the server and respond to the client's P/G with your own response.

sorry it now confuse me again ....
sender and reciver have same P and g .... then each get random x and send resut of (x^p mod G) then generate the secret key ? thats it ?????
if P and G are sent publicly ... by server?.. and if P and G have to be same for both sender and reciever ... and each one will generate the Random x in order to get the secret key !!
why i generate my own P & G again if it already sent publicly ?
and (if) i generate my own P and G ... how can i be sure its same as server P and g

06/26/2012 20:50 I don't have a username#11

Before you look into this, learn cryptography.