[Help-gnutls] DHE_DSS
Adam Langley
alangley at gmail.com
Sun Jul 31 14:08:21 CEST 2005
On 7/31/05, Michael Berhanu <michaelberhanu at gmail.com> wrote:
> Could someone give me an overview of how Diffie-Hellman ephemeral key
> exchange based on DSS works? I'm asking here not for a code overview,
> but rather a conceptual overview. I've tried to understand it by going
> through a number of rfcs but it hasn't worked for me.

You can find a description of the maths of DH all over the place[1] so
I won't go into that here.

DH allows two parties to agree on a shared key such that no
eavesdropper can learn the key (for some bound on computational
ability). This key is used for the current session only and is
discarded afterwards. This gives it 'perfect forward secrecy' - you
cannot be made to give up the session key at a later date. That's the
E in EDH (and DHE, which is the same thing).

However, an attacker who can manipulate the exchange between two hosts
can launch a man-in-the-middle attack against DH. So DSS is used to
sign the DH exchange so that you know that the host which you're
agreeing a key with is the one that you expect.

Once the key material has been exchanged, it's used to seed the
generation of the symmetric key (the generation may just be the
identity function).
[1] http://en.wikipedia.org/wiki/Diffie-Hellman
[2] http://en.wikipedia.org/wiki/Perfect_forward_secrecy
AGL
--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
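
The exchange described above, as an added example that is not part of the original message: a toy Python model in which the server signs its ephemeral DH public value with a long-term DSS key, and the client rejects a value substituted in transit. The 127-bit group, the function names and the signed-data layout (two 32-byte randoms plus the DH value) are assumptions chosen for illustration, and the hash is reduced mod Q rather than truncated as real DSS does.

```python
import hashlib, secrets

Q = 2**127 - 1  # prime subgroup order; toy size, far too small for real use

def make_group():
    """Find P = k*Q + 1 that passes a base-2 Fermat test, and G of order Q."""
    k = 2
    while pow(2, k * Q, k * Q + 1) != 1 or pow(2, k, k * Q + 1) == 1:
        k += 2
    return k * Q + 1, pow(2, k, k * Q + 1)

P, G = make_group()

def rand_exp():
    return secrets.randbelow(Q - 1) + 1  # uniform in 1..Q-1

def H(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def dss_sign(x, msg):
    while True:
        k = rand_exp()                   # fresh per-signature nonce
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(msg) + x * r) % Q
        if r and s:
            return r, s

def dss_verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def signed_blob(client_random, server_random, dh_pub):
    # Assumed layout: both session randoms bind the signature to this session.
    return client_random + server_random + dh_pub.to_bytes(32, "big")

def demo():
    x = rand_exp(); y = pow(G, x, P)            # server's long-term DSS key pair
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    b = rand_exp(); B = pow(G, b, P)            # server's ephemeral DH value
    sig = dss_sign(x, signed_blob(cr, sr, B))   # server signs the exchange
    a = rand_exp(); A = pow(G, a, P)            # client's ephemeral DH value
    honest = dss_verify(y, signed_blob(cr, sr, B), sig) and pow(B, a, P) == pow(A, b, P)
    M = pow(G, rand_exp(), P)                   # constructed in-path substitution
    tampered = dss_verify(y, signed_blob(cr, sr, M), sig)
    return honest, tampered                     # (True, False)
```

The ephemeral exponents `a` and `b` exist only inside `demo()`; the long-term key `x` is used for signing alone, so it never enters the shared secret.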