TLS/SSL handshake

 

This diagram illustrates the SSL or TLS handshake as described in the text preceding the diagram.

The combination of Diffie-Hellman and the use of ephemeral session keys are what enables “Forward Secrecy”: even if an attacker gains access to the server’s private key they are not able to passively listen in on the active session, nor can they decrypt previously recorded sessions.

Diffie-Hellman Key Exchange

Both A, B create the shared key together.

Prime number g, p will be chosen and let both sides known

A: pick a, and compute g^a mod p, send to B

B: pick b, and compute g^b mod p, send to A

to get the shared key:  A do: B^a mod p, and B do: A^b mod p

(ga mod p)b mod p = gab mod p
(gb mod p)a mod p = gba mod p

 

References

https://www.ibm.com/support/knowledgecenter/mobile/#!/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm

http://chimera.labs.oreilly.com/books/1230000000545/ch04.html

http://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english

Please rate this


Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>