All geek questions in one place

SSL and Diffie-Hellman

So, I read this one and was surprised at Remus's answer. Because I thought it was quite the opposite.

So, as for my question. Why is a program that uses diffie-hellman key exchange to install on a shared key for encrypting / decrypting messages (usually) less secure than SSL?

Edit: I know that SSL uses a digital certificate, but since my program only communicates with itself (client-server), which in any case does not matter, right?

+6
source share
3 answers

The Remus post basically cautions against creating your own crypto protocols (because you are likely to make some fatal error) and use the existing SSL solution instead.

You can write a secure network protocol using only Diffie-Hellman as an asymmetric cryptogram along with some symmetric crypto. My favorite secure network protocol works that way. A program using DH is no weaker than SSL in itself, but a program in which, most likely, not a crypto option was developed, a developed protocol.

But if you develop your own protocol, you will need to learn a little cryptography to get it right. You probably need a peer review for your design and code if you made a mistake somewhere. But getting this review is not easy if your product is not well-known or you pay them.

SSL confirmation does two basic things:

  • It uses a certificate to verify that the server is authorized to represent the domain with which you want to communicate.

    In the most common case, the Certification Authority notes that the owner of a certain key pair is the legal owner of a certain domain (this takes the form of a certificate). This part is as safe as the weakest CA.

    If you only need to exchange data with only one server, you can hard-edit the server fingerprint, cutting out all of the CA and PKI. This approach is similar to the way you usually handle SSH fingerprints.

  • It generates a session key.

Strong SSL packets use a certificate for server authentication and DH to generate a session key. Weaker apartments use a certificate for both.

Naive DH-based protocols are likely to forget to authenticate the server, allowing an active attacker to connect to MitM. You need to somehow authenticate the server, even if it is simply by hard-coding the server’s public key on your client.

+4
source

Remus does not comment on the pros and cons of a particular encryption algorithm.

Instead, he comments on the need to avoid writing his own cryptograms. I agree with him 100% .

Writing encryption protocols is very difficult and fraught with danger. Any number of exceptionally subtle errors can easily sneak in and make your system unprotected. Even experts are often mistaken and need to be corrected for future dates.

It is also a sign of platform maturity that it is so easy to use stock tools with the help of other WCF platform components.

+2
source

SSL uses digital certificates to prevent man-in-the-center attacks. If a hacker can not only intercept, but also modify messages, your DH-based encryption will fail because your program will establish a secret key with a hacker, and a hacker will set a secret key with a server. You can use the RSA key pair to create private keys - the public key in the client, the private key on the server. Since the hacker does not know the private key, he cannot decrypt the private key.

0
source

Source: https://habr.com/ru/post/944474/

More articles:


All Articles