General overview


Illustration of the idea behind Diffie–Hellman key exchange

Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication when exchanging data over a public network. The following conceptual diagram illustrates the general idea of the key exchange by using colors instead of very large numbers.

The process begins by having the two parties, Alice and Bob, agree on an arbitrary starting color that does not need to be kept secret (but should be different every time[3]); in this example the color is yellow. Each of them selects a secret color that they keep to themselves, in this case orange and blue-green. The crucial part of the process is that Alice and Bob now mix their secret color together with their mutually shared color, resulting in orange-tan and light-blue mixtures respectively, then publicly exchange the two mixed colors. Finally, each of the two mixes the color they received from the partner with their own private color. The result is a final color mixture (yellow-brown) that is identical to the partner's color mixture.

If a third party listened to the exchange, it would be computationally difficult for them to determine the secret colors. In fact, when using large numbers rather than colors, this action is computationally expensive for modern supercomputers to do in a reasonable amount of time.

Cryptographic explanation

The simplest and the original implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime, and g is a primitive root modulo p. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p–1. Here is an example of the protocol, with non-secret values in blue, and secret values in red.

  1. Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
  2. Alice chooses a secret integer a = 4, then sends Bob A = g^a mod p
    • A = 5^4 mod 23 = 4
  3. Bob chooses a secret integer b = 3, then sends Alice B = g^b mod p
    • B = 5^3 mod 23 = 10
  4. Alice computes s = B^a mod p
    • s = 10^4 mod 23 = 18
  5. Bob computes s = A^b mod p
    • s = 4^3 mod 23 = 18
  6. Alice and Bob now share a secret (the number 18).

Both Alice and Bob have arrived at the same value s, because, under mod p,

$${\color{Blue}A}^{\color{Red}b} \bmod {\color{Blue}p} = {\color{Blue}g}^{\color{Red}ab} \bmod {\color{Blue}p} = {\color{Blue}g}^{\color{Red}ba} \bmod {\color{Blue}p} = {\color{Blue}B}^{\color{Red}a} \bmod {\color{Blue}p}$$ [8]

More specifically,

$$({\color{Blue}g}^{\color{Red}a} \bmod {\color{Blue}p})^{\color{Red}b} \bmod {\color{Blue}p} = ({\color{Blue}g}^{\color{Red}b} \bmod {\color{Blue}p})^{\color{Red}a} \bmod {\color{Blue}p}$$

Note that only a, b, and (g^(ab) mod p = g^(ba) mod p) are kept secret. All the other values – p, g, g^a mod p, and g^b mod p – are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel.

Of course, much larger values of a, b, and p would be needed to make this example secure, since there are only 23 possible results of n mod 23. However, if p is a prime of at least 600 digits, then even the fastest modern computers cannot find a given only g, p and g^a mod p. Such a problem is called the discrete logarithm problem.[3] The computation of g^a mod p is known as modular exponentiation and can be done efficiently even for large numbers. Note that g need not be large at all, and in practice is usually a small integer (like 2, 3, ...).
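
The following sketch is an added example, not part of the original article. It runs the exchange with the article's toy values (p = 23, g = 5, a = 4, b = 3), checks the primitive-root property, and shows why such a small modulus gives no protection: an exhaustive search over exponents recovers the secret from the public value alone. All function names are this example's own.

```python
# Added illustration: toy Diffie-Hellman with the article's numbers.
# Function names are hypothetical; parameters this small are insecure.

def mod_exp(base, exponent, modulus):
    """Square-and-multiply: about log2(exponent) squarings, so it stays
    fast even when the exponent has hundreds of digits."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                 # current low bit set: multiply in
            result = (result * base) % modulus
        base = (base * base) % modulus   # square for the next bit
        exponent >>= 1
    return result

def is_primitive_root(g, p):
    """True if the powers of g reach every value 1..p-1 (small prime p only)."""
    return {mod_exp(g, k, p) for k in range(1, p)} == set(range(1, p))

def public_value(g, secret, p):
    """What a party sends in the clear: g^secret mod p."""
    return mod_exp(g, secret, p)

def shared_secret(peer_public, secret, p):
    """What a party computes privately: peer_public^secret mod p."""
    return mod_exp(peer_public, secret, p)

def exhaustive_dlog(g, target, p):
    """Find x with g^x = target (mod p) by trying every exponent.
    Works here only because p - 1 = 22; the cost grows with p."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = (value * g) % p
    return None

if __name__ == "__main__":
    p, g, a, b = 23, 5, 4, 3
    A, B = public_value(g, a, p), public_value(g, b, p)
    print("public A, B:", A, B)
    print("Alice's s:", shared_secret(B, a, p))
    print("Bob's s:  ", shared_secret(A, b, p))
    print("a recovered from A by search:", exhaustive_dlog(g, A, p))
```
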
