Ram G wrote:

> I would like to run a design by you. The requirement (and the constraint) is
> that I have to design a secure communication channel without using
> certificates. I'm trying out DH key exchange.

An unfortunate, if common, misnomer.  DH key agreement is a better
term, since it denotes that an implicit master, pairwise secret
exists between any two participants - the result of modular exponentiation
using one's own private key and the counterpart's public key.

> My proposed design is a two step process for communication:
> 
> 1) Use Anonymous DH and establish the "shared secret". This is done at some
> predefined interval - may be once everyday or once every week.

See the SKIP design, which never uses the master secret directly,
but has a coarse-grained counter (time_t) to prevent replay
attacks.

> 2) In the second step of the communication, we will use the "shared secret"
> from step 1 for authentication. This will be done using Diffie-Hellman key
> exchange with pre-shared keys (DHE-PSK, support for which is added in
> version 1.0.0 )
> 
> 3) Once the client is authenticated, all communication is encrypted using
> the master secret derived from DHE-PSK.

See the above comments - don't use the master secret directly.

> This removes the need for me to establish passwords before two parties can
> communicate and generates passwords on the fly.
> 
> Will this secure me against man-in-the-middle attacks, which are possible with
> anonymous DH and without authentication?

Yes, properly implemented, and assuming integrity of private keys.  An
intermediary cannot play without the shared secret.  You require only
trusted (possibly OOB in your scenario) publication of public keys.

-- 
Michael Sierchio                              +1 415 378 1182
PO Box 9036                                ku...@tenebras.com
Berkeley CA 94709              http://xijiaoshan.blogspot.com
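An added illustration of the two pieces of advice in the reply above (not code from either poster or from OpenSSL): the pairwise DH secret is computed from one's own private exponent and the counterpart's public value, and it is then only ever fed through a KDF together with a coarse time counter, so the per-period PSK used for step 2 is never the raw master secret and a tag made in an old period is rejected. The group (2^521-1, generator 3), the period length and the function names are assumptions for the example; a real deployment would use an RFC 7919 ffdhe group.

```python
import hashlib
import hmac
import secrets
import struct

# Toy group so the block runs stand-alone: the Mersenne prime 2^521-1 with
# generator 3.  It is NOT a safe prime; use an RFC 7919 ffdhe group in practice.
P = (1 << 521) - 1
G = 3
PERIOD_SECONDS = 24 * 3600  # step 1 re-key interval: once a day (assumed)

def dh_keypair():
    """Private exponent plus public value g^x mod p (assumed helper)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def master_secret(own_private, peer_public):
    """The implicit pairwise secret: peer_public^own_private mod p, hashed."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def hkdf_sha256(master, salt, info, length=32):
    """HKDF extract-then-expand (RFC 5869): the master secret is never used raw."""
    prk = hmac.new(salt, master, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def period_psk(master, now):
    """SKIP-style coarse counter: one derived PSK per PERIOD_SECONDS window."""
    counter = int(now) // PERIOD_SECONDS
    return counter, hkdf_sha256(master, b"anon-dh-psk", b"psk" + struct.pack(">Q", counter))

def client_auth(master, now, nonce):
    """Step 2 stand-in for the DHE-PSK identity/binder: (counter, MAC over nonce)."""
    counter, psk = period_psk(master, now)
    return counter, hmac.new(psk, struct.pack(">Q", counter) + nonce, hashlib.sha256).digest()

def server_verify(master, now, nonce, counter, tag):
    """Reject tags from a stale period (replay) or made without the shared secret."""
    current, psk = period_psk(master, now)
    if counter != current:
        return False
    expected = hmac.new(psk, struct.pack(">Q", counter) + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)
```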

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
