The Diffie-Hellman algorithm is used to generate the same secret key on two devices without transferring the key over the network.
DH groups:
DH group 1 - 768 bit modulus
DH group 2 - 1024 bit modulus
DH group 5 - 1536 bit modulus
DH group 14 - 2048 bit modulus
DH group 19 - 256 bit elliptic curve
DH group 20 - 384 bit elliptic curve
DH group 21 - 521 bit elliptic curve
DH group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup
Example:
==============================================================================
Alice and Bob agree to use a modulus p = 13 and base g = 2.

1> Alice chooses a secret integer a = 8 and sends A = g^a mod p to Bob.
   2^8 = 256
   A = 256 mod 13 = 9

2> Bob chooses a secret integer b = 9 and sends B = g^b mod p to Alice.
   2^9 = 512
   B = 512 mod 13 = 5

3> Alice computes s = B^a mod p.
   5^8 = 390625
   s = 390625 mod 13 = 1

4> Bob computes s = A^b mod p.
   9^9 = 387420489
   s = 387420489 mod 13 = 1

5> Alice and Bob now share the secret 1.

Explanation:

Alice got shared key 1 as follows: 5^8 mod 13.
The 5 came from Bob, who generated it with this operation: 2^9 mod 13 (2^9 = 512).
So Alice's result is the same as (2^9)^8 mod 13 = 2^72 mod 13.
2^72 = 4722366482869645213696
4722366482869645213696 mod 13 = 1

Bob got shared key 1 as follows: 9^9 mod 13.
The 9 came from Alice, who generated it with this operation: 2^8 mod 13.
So Bob's result is the same as (2^8)^9 mod 13 = (2^72) mod 13 = 1.

Note:
Alice selects a secret integer 8. This value is not known to anyone except Alice.
Bob selects a secret integer 9. This value is not known to anyone except Bob.
p is called the prime modulus.
g is called the generator.
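
The exchange above in runnable form, as an added example that is not part of the original post; the function names and the second key pair (a = 5) are assumptions made for illustration. It also shows why the page's numbers give s = 1 (a*b = 72 is a multiple of 12, the order of g = 2 modulo 13) and adds the range check a receiver would apply to the peer's public value.

```python
# Added example: the page's exchange with Python's built-in pow(base, exp, mod).
# Function names are illustrative, not from any library.

def dh_public(g: int, private: int, p: int) -> int:
    """Value sent over the network: g^private mod p."""
    return pow(g, private, p)

def check_peer_value(value: int, p: int) -> None:
    """Reject peer values outside 2..p-2; 0, 1 and p-1 force a predictable secret."""
    if not 2 <= value <= p - 2:
        raise ValueError(f"peer public value {value} is outside 2..p-2")

def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Shared secret: peer_public^private mod p, after validating the peer value."""
    check_peer_value(peer_public, p)
    return pow(peer_public, private, p)

def element_order(g: int, p: int) -> int:
    """Smallest k >= 1 with g^k mod p == 1 (brute force, toy moduli only)."""
    if g % p == 0:
        raise ValueError("g must not be a multiple of p")
    k, x = 1, g % p
    while x != 1:
        x = (x * g) % p
        k += 1
    return k

def exchange(p: int, g: int, a: int, b: int):
    """Run both sides and return (A, B, shared secret)."""
    A = dh_public(g, a, p)          # Alice -> Bob
    B = dh_public(g, b, p)          # Bob -> Alice
    s_alice = dh_shared(B, a, p)    # Alice: B^a mod p
    s_bob = dh_shared(A, b, p)      # Bob:   A^b mod p
    # Both sides equal g^(a*b) mod p, which is why they agree.
    if not (s_alice == s_bob == pow(g, a * b, p)):
        raise RuntimeError("the two sides derived different secrets")
    return A, B, s_alice

if __name__ == "__main__":
    p, g = 13, 2
    print("page values a=8, b=9:", exchange(p, g, 8, 9))
    # g^(a*b) mod p depends only on a*b mod order(g); 72 mod 12 == 0 gives s = 1.
    print("order of g:", element_order(g, p), " a*b mod order:", (8 * 9) % element_order(g, p))
    # Constructed pair (not from the page): a = 5 gives a secret other than 1.
    print("constructed a=5, b=9:", exchange(p, g, 5, 9))
```

With a modulus this small the secret is one of only 12 possible values, so the numbers illustrate the arithmetic only; the groups listed above use moduli of 768 bits and more.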