Also Saqib:
The private values X in your diagram (a and b in the description from
Sanjay), are chosen to be less than the modulus T (modulus p in Sanjay's
descripion).
Carl
-----Original Message-----
From: Burke, Charles
Sent: Monday, January 09, 2006 9:25 AM
To: Hall, Carl
Subject: FW: Please Review a Diffie Hellman diagram
You need to register with security focus if you like emails like this.
-----Original Message-----
From: Sanjay Rawat [mailto:sanjayr@intoto.com]
Sent: Monday, January 09, 2006 6:01 AM
To: Saqib Ali; webappsec@securityfocus.com
Subject: Re: Please Review a Diffie Hellman diagram
Hi Saqib:
The diagram is nice, but content wise, its not (esp. from Mathematics
point
of view). The chosen number R & T are not just any number (or just any
prime numbers). please see the description below (I was lazy enough to
write, so I stole it from a site!!!!):
----------------------------------------
The protocol has two system parameters p and g. They are both public and
may be used by all the users in a system. Parameter p is a prime number
and
parameter g (usually called a generator) is an integer less than p, with
the following property: for every number n between 1 and p-1 inclusive,
there is a power k of g such that n = g^k mod p.
Suppose Alice and Bob want to agree on a shared secret key using the
Diffie-Hellman key agreement protocol. They proceed as follows: First,
Alice generates a random private value a and Bob generates a random
private
value b. Both a and b are drawn from the set of integers . Then they
derive
their public values using parameters p and g and their private values.
Alice's public value is g^a mod p and Bob's public value is g^b mod p.
They
then exchange their public values. Finally, Alice computes g^(ab) =
(g^b)^a
mod p, and Bob computes g^(ba) = (g^a)^b mod p. Since g^(ab) = g^(ba) =
k,
Alice and Bob now have a shared secret key k.
----------------------------------------
Also, it your diagram under "step 4", it will be nice if you show the
commutative law of multiplication to make the point (ie why both Alice
and
Bob would have the same number at the end of the protocol) more clear.
this
point is described in above paragraph -- "Finally, Alice
computes.........."
Regards
Sanjay
At 07:01 AM 1/7/2006, Saqib Ali wrote:
Please review the following visual depiction of Diffie Hellman Key
Exchange:
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=196
I would like to recieve corrections, or ideas on how to improve the
diagram so it is self-explanatory.
--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------------------------------------------------------------------
--------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
------------------------------------------------------------------------
-------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
------------------------------------------------------------------------
-------
-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------
