Hi, I have a question regarding the generation of DH parameters.
>From GnuTLS documentation ( http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-dh-params-generate2 ) "....Also note that the DH parameters are only useful to servers. Since clients use the parameters sent by the server, it's of no use to call this in client side....." What I have been able to gather from online sources on DH key exchange is that 1) Alice and Bob decides on the prime P and generator G 2) Alice decides on a random number X and sends G(power of X) mod P to Bob 3) Bob decides on a random number Y and sends G(power of Y) mod P to Alice 4) Both Bob and Alice can calculate the shared secret on their own from steps 2 and 3. So my question is - why are the DH params not generated in the client side too ? What is the point in generating the DH params and the shared key in the server (Bob) and sending it to the client (Alice) - won't it be accessible to an attacker when it is sent in the clear ? I would really appreciate if someone can shed some light on how anonymous DH works in GnuTLS. Thanks Ramg
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
