0

I Want to create my own safe connection for a VOIP app.

Now I am looking into key exchange which seems to be much more Tricky than encrypting/decrypting.

Are there any better approaches than Diffie-Hellman in practice ?

I understand the concept of Diffie-Hellman but I think it needs the right values to be safe since with natural numbers it could be easily be guessed. How can I get those values using python, what are they and is it really safe from key guessing?

Please help me with some background informations / inspiring.

ZdaR
  • 22,343
  • 7
  • 66
  • 87
Rainbowdesign
  • 63
  • 1
  • 1
  • 5

3 Answers3

1

Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.

The most serious limitation of Diffie-Hellman in its basic or "pure" form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium.

More light on the topic is available below:

1 link 1

2 link 2

3 link 3

Community
  • 1
  • 1
Tharif
  • 13,794
  • 9
  • 55
  • 77
0

DH is fine for this purpose, just make to sure to use 2048 bit keys or more.

However for VoIP the standards are TLS with SRTP/zrtp so it would be better if you would implement these. With DH you loose compatibility and will introduce a lot of complications. Also note that DH is only for key exchange, so you will need something also for the encryption itself. With TLS you could handle all these in one step by using a well know implementation instead to write your own encryption stack from scratch.

Istvan
  • 1,591
  • 1
  • 13
  • 19
0

Diffie-Hellman is a key exchange algorithm. So Anyone can access your public parameters. You can use safety except declassified private parameters. It's so important create sharedkey safety. If you want to more secure system, try forward-secrecy

dralexnumber
  • 238
  • 2
  • 10