-1

I'm having some trouble implementing some security measures over a network for one of my school projects. We already have a full network running using Ruby. We're trying to use AES 256 CBC using the OpenSSL library. We have experimented with using Diffie Hellman, but this is where we're having trouble: node 1 runs:

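```ruby
require 'openssl'

# DH is a class, so it has to be instantiated with .new
dh1 = OpenSSL::PKey::DH.new(256)
# Despite its name, DH#public_key returns only the DH parameters (p and g)
der = dh1.public_key.to_der
# we would send der to n2 here
```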

Apparently it's alright to send der over to n2, so n2 would have this portion of code:

```ruby
require 'openssl'

# der is the byte string received from n1
dh2 = OpenSSL::PKey::DH.new(der)
```

and now they have each other's information. However, wouldn't a node which was listening to traffic be able to pick this message up and be able to have dh1's key? Having trouble wrapping my head around this.

Datz
  • *"[how would the peer]... pick this message up and be able to have dh1's key"* - that's the [key distribution problem](http://cs.wellesley.edu/~cs310/lectures/public_key_slides_handouts.pdf). I think you need to perform some background reading. Does `OpenSSL::PKey::DH(256)` mean 256-bit in Ruby? If so, it likely needs to be larger than 1024-bit due to [logjam](http://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html). – jww Dec 18 '15 at 06:10

1 Answer

0

Yes, a listening node could have dh1's public key. That is how Diffie Hellman works. The eavesdropper does not know either private key and does not know the shared private key. Without knowing one of the private keys, it cannot solve for the shared key.

The modulo equations are set up such that when dh2 raises dh1's public key to the value of its own private key (dh1_public_key^dh2_private_key), the result of the equation is the shared key, and vice versa.

Mike S
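The exchange this answer describes, written out with `OpenSSL::BN` arithmetic and followed by an AES-256-CBC round trip, as an added example (not code from the question or the answer). The helper names, the 512-bit toy group and the use of SHA-256 to derive the AES key are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed toy group size so the example runs quickly; real deployments
# should use a 2048-bit or larger group.
DEMO_BITS = 512

# Public parameters: a safe prime p and generator g. Both travel in the clear.
def dh_params(bits = DEMO_BITS)
  { p: OpenSSL::BN.generate_prime(bits, true), g: OpenSSL::BN.new('2') }
end

# Each node keeps :priv to itself and sends only :pub = g^priv mod p.
def dh_keypair(params)
  priv = OpenSSL::BN.rand(params[:p].num_bits - 1)
  { priv: priv, pub: params[:g].mod_exp(priv, params[:p]) }
end

# shared = peer_pub^own_priv mod p, hashed to 32 bytes for AES-256.
# (Plain SHA-256 as the KDF is an assumption of this example.)
def session_key(params, own_priv, peer_pub)
  shared = peer_pub.mod_exp(own_priv, params[:p])
  OpenSSL::Digest::SHA256.digest(shared.to_s(2))
end

def aes_cbc(mode, key, iv, data)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(data) + cipher.final
end

def demo
  params = dh_params
  n1 = dh_keypair(params)
  n2 = dh_keypair(params)
  # Everything a listening node can capture from the exchange:
  wire = [params[:p], params[:g], n1[:pub], n2[:pub]]
  k1 = session_key(params, n1[:priv], n2[:pub]) # computed on node 1
  k2 = session_key(params, n2[:priv], n1[:pub]) # computed on node 2
  iv = OpenSSL::Random.random_bytes(16)         # sent alongside the ciphertext
  ct = aes_cbc(:encrypt, k1, iv, 'hello from n1')
  { keys_match: k1 == k2,
    private_on_wire: wire.include?(n1[:priv]) || wire.include?(n2[:priv]),
    plaintext: aes_cbc(:decrypt, k2, iv, ct) }
end
```

Calling `demo` returns a hash showing that both nodes derived the same key while neither private value appeared on the wire. Nothing in this exchange authenticates the public values, which is the key distribution problem raised in the comment on the question.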