Hi,
I would suggest to have a copy of the same DH params before hand than to exchange during key exchange process because exchanging the key values always exposes you to the man-in-the-middle problem.
man-in-the-middle problem.
The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants
Reference:
Olia Kerzhner <[EMAIL PROTECTED]> wrote:
Hi all,
I have a question about DH parameters. From what I
understand, they can either be exchanged during key
exchange, or both Server and Client can have a copy of
the same DH params before hand.
Which way is better -- more efficient and more secure?
Since I'm coding both the Server and the Client, I
could easily have a copy available on each.
Also, do the DH params ever need to change? In other
words, is it OK to use the same DH params for years,
or is that a security hole?
thanks for your help,
Olia
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Yahoo! India Mobile: Ringtones, Wallpapers, Picture Messages and more. Download now.
