tailieunhanh - Diffie-Hellman Key Exchange – A Non-Mathematician’s Explanation

A colleague once asked if I could help him understand the Diffie-Hellman key exchange protocol . . . without digging through the math. My answer was, “Yes, I can, but not easily.” Doing so requires a few diagrams because, in this particular case, a picture is worth several complex equations! First things first. What is Diffie-Hellman (DH), and why should you care? DH is a mathematical algorithm that allows two computers to generate an identical shared secret on both systems, even though those systems may never have communicated with each other before. That shared secret can then be used to securely. | Global Knowledge Expert Reference Series ofWhite Papers Diffie-Hellman Key Exchange A Non-Mathematician s Explanation 1-800-COURSES Diffie-Hellman Key Exchange A Non-Mathematician s Explanation Keith Palmgren Global Knowledge Instructor CISSP Security TICSA Opening Discussion A colleague once asked if I could help him understand the Diffie-Hellman key exchange protocol . without digging through the math. My answer was Yes I can but not easily. Doing so requires a few diagrams because in this particular case a picture is worth several complex equations First things first. What is Diffie-Hellman DH and why should you care DH is a mathematical algorithm that allows two computers to generate an identical shared secret on both systems even though those systems may never have communicated with each other before. That shared secret can then be used to securely exchange a cryptographic encryption key. That key then encrypts traffic between the two systems. You should care about Diffie-Hellman because it is one of the most common protocols used in networking today. This is true even though the vast majority of the time the user has no idea it is happening. DH is commonly used when you encrypt data on the Web using either Secure Socket Layer SSL or Transport Layer Security TLS . The Secure Shell SSH protocol also utilizes DH. Of course because DH is part of the key exchange mechanism for IPSec any VPN based on that technology utilizes DH as well. The overall IPSec key management framework is Internet Security Association and Key Management Protocol or ISAKMP from RFC 2408. Within that framework is the Internet Key Exchange IKE protocol in RFC 2401. IKE relies on yet another protocol known as OAKLEY and it uses Diffie-Hellman as described in RFC 2412. It is an admittedly long trail to follow but the result is that DH is indeed a part of the IPSec standard. It is true that a VPN or SSL system could be in use for years without the System Administrator .

TỪ KHÓA LIÊN QUAN