The Diffie-Hellman algorithm is used to generate the same secret key on two devices without transferring the key over the network.
DH groups:
DH group 1 - 768-bit modulus
DH group 2 - 1024-bit modulus
DH group 5 - 1536-bit modulus
DH group 14 - 2048-bit modulus
DH group 19 - 256-bit elliptic curve
DH group 20 - 384-bit elliptic curve
DH group 21 - 521-bit elliptic curve
DH group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup
Example:
Alice and Bob agree to use a modulus p = 20 and base g = 2.

1> Alice chooses a secret integer a = 8 and sends A = g^a mod p to Bob.
   2^8 = 256
   A = 256 mod 20 = 16
2> Bob chooses a secret integer b = 9 and sends B = g^b mod p to Alice.
   2^9 = 512
   B = 512 mod 20 = 12
3> Alice computes s = B^a mod p.
   12^8 = 429981696
   s = 429981696 mod 20 = 16
4> Bob computes s = A^b mod p.
   16^9 = 68719476736
   s = 68719476736 mod 20 = 16
5> Alice and Bob now share the secret 16.

Explanation:
Alice got the shared key 16 as follows: 12^8 mod 20.
The 12 came from Bob, who generated it with the operation 2^9 mod 20, so Alice in effect computed
(2^9)^8 mod 20 = 2^72 mod 20 = 4722366482869645213696 mod 20 = 16

Bob got the shared key 16 as follows: 16^9 mod 20.
The 16 came from Alice, who generated it with the operation 2^8 mod 20, so Bob in effect computed
(2^8)^9 mod 20 = 2^72 mod 20 = 4722366482869645213696 mod 20 = 16

Note:
Alice selects a secret integer 8. This value is not known to anyone except Alice.
Bob selects a secret integer 9. This value is not known to anyone except Bob.
p is called the prime modulus.
g is called the generator.
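The exchange above in Python, as an added example that is not part of the original post; it goes slightly beyond the worked numbers by also counting how many distinct values g can produce for a given modulus. The function names and the contrast parameters p = 23, g = 5 are assumptions chosen for illustration, and is_prime uses trial division, which is only suitable for toy moduli.

```python
import secrets

def dh_public(g, x, p):
    """Public value g^x mod p; three-argument pow never builds g^x in full."""
    return pow(g, x, p)

def dh_shared(peer_public, x, p):
    """Shared secret from the peer's public value and our own secret integer."""
    return pow(peer_public, x, p)

def reachable_values(g, p):
    """All distinct g^k mod p for k >= 1: the set every public value comes from."""
    seen, v = set(), g % p
    while v not in seen:
        seen.add(v)
        v = (v * g) % p
    return seen

def is_prime(n):
    """Trial division; adequate only for the toy moduli in this example."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def exchange(g, p, a=None, b=None):
    """Run both sides; secrets are drawn at random from [2, p-2] unless given."""
    a = a if a is not None else 2 + secrets.randbelow(p - 3)
    b = b if b is not None else 2 + secrets.randbelow(p - 3)
    A, B = dh_public(g, a, p), dh_public(g, b, p)
    return A, B, dh_shared(B, a, p), dh_shared(A, b, p)

if __name__ == "__main__":
    # Values from the worked example: p = 20, g = 2, a = 8, b = 9
    print(exchange(2, 20, a=8, b=9))                    # (16, 12, 16, 16)
    print(is_prime(20), sorted(reachable_values(2, 20)))
    # Constructed contrast (not from the post): prime p = 23, generator g = 5
    print(is_prime(23), len(reachable_values(5, 23)))
```

is_prime(20) is False and g = 2 reaches only five values mod 20, so the worked numbers illustrate the arithmetic but not a usable group. The modulus groups listed above (1, 2, 5, 14) use prime moduli of 768 bits or more.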