[Cryptography] Non-Authenticated Key Agreement

Philipp Gühring pg at futureware.at
Wed Sep 23 14:04:11 EDT 2015


Diffie-Hellman has one (from my point of view) important, non-obvious and
seemingly largely unknown security property:
It protects both parties from an insecure key resulting from the protocol,
if and only if they follow their part of the protocol correctly.

If Alice originally creates an insecure variable d (data), e.g. due to bad
random number generator, or due to some other problem, 
then Bob will end up with an insecure key, although he followed your
protocol correctly.

Diffie-Hellman makes sure that both parties end up with a secure key d if
at least any one of them has a secure random number generator and follows
the protocol correctly.

Best regards,
Philipp Gühring

More information about the cryptography mailing list