RE: Please Review a Diffie Hellman diagram

["Hall, Carl" <carl_hall () homedepot com>]

Also Saqib:
The private values X in your diagram (a and b in the description from
Sanjay), are chosen to be less than the modulus T (modulus p in Sanjay's
descripion).


Carl

-----Original Message-----
From: Burke, Charles 
Sent: Monday, January 09, 2006 9:25 AM
To: Hall, Carl
Subject: FW: Please Review a Diffie Hellman diagram


You need to register with security focus if you like emails like this.

-----Original Message-----
From: Sanjay Rawat [mailto:sanjayr () intoto com] 
Sent: Monday, January 09, 2006 6:01 AM
To: Saqib Ali; webappsec () securityfocus com
Subject: Re: Please Review a Diffie Hellman diagram

Hi Saqib:

The diagram is nice, but content wise, its not (esp. from Mathematics
point 
of view). The chosen number R & T are not just any number (or just any 
prime numbers). please see the description below (I was lazy enough to 
write, so I stole it from a site!!!!):
----------------------------------------

The protocol has two system parameters p and g. They are both public and

may be used by all the users in a system. Parameter p is a prime number
and 
parameter g (usually called a generator) is an integer less than p, with

the following property: for every number n between 1 and p-1 inclusive, 
there is a power k of g such that n = g^k mod p.

Suppose Alice and Bob want to agree on a shared secret key using the 
Diffie-Hellman key agreement protocol. They proceed as follows: First, 
Alice generates a random private value a and Bob generates a random
private 
value b. Both a and b are drawn from the set of integers . Then they
derive 
their public values using parameters p and g and their private values. 
Alice's public value is g^a mod p and Bob's public value is g^b mod p.
They 
then exchange their public values. Finally, Alice computes g^(ab) =
(g^b)^a 
mod p, and Bob computes g^(ba) = (g^a)^b mod p. Since g^(ab) = g^(ba) =
k, 
Alice and Bob now have a shared secret key k.
----------------------------------------

Also, it your diagram under "step 4", it will be nice if you show the 
commutative law of multiplication to make the point (ie why both Alice
and 
Bob would have the same number at the end of the protocol) more clear.
this 
point is described in above paragraph -- "Finally, Alice
computes.........."

Regards
Sanjay

At 07:01 AM 1/7/2006, Saqib Ali wrote:
> Please review the following visual depiction of Diffie Hellman Key 
> Exchange:
>
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=196
>
> I would like to recieve corrections, or ideas on how to improve the 
> diagram so it is self-explanatory.
>
> --
> Saqib Ali, CISSP
> http://www.xml-dev.com/blog/
> "I fear, if I rebel against my Lord, the retribution of an Awful Day 
> (The Day of Resurrection)" Al-Quran 6:15
>
> -----------------------------------------------------------------------
> --------
> Watchfire's AppScan is the industry's first and leading web application
> security testing suite, and the only solution to provide comprehensive
> remediation tasks at every level of the application. See for yourself.
> Download AppScan 6.0 today.
>
> https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh



------------------------------------------------------------------------
-------
Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
------------------------------------------------------------------------
-------


-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------