Cryptography Reference
is slower than it could be, even with all the speed-ups employed — but it's still
not realistic to apply RSA encryption to a data stream in real time. You would
severely limit the network utilization if you did so. As a result, SSL actually calls
on you to select a symmetric-key algorithm, generate a key, encrypt that key
using an RSA public key, and, after that key has been sent and acknowledged,
to begin using the symmetric algorithm for subsequent communications. The
details of how precisely to do this are examined in painstaking detail in Chapter 6.
Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange
The security in RSA rests in the difficulty of computing first the private exponent
d from the public key e and the modulus n as well as the difficulty in solving
the equation $m^x \% n = c$ for m. This is referred to as the discrete logarithm
problem. These problems are both strongly believed (but technically not proven) to
be impossible to solve other than by enumerating all possible combinations.
Note that although RSA can be used as a complete cryptography solution, its
slow runtime limits its practical uses to simple encryption of keys to be used
for symmetric cryptography. Another algorithm that relies similarly on the
difficulty of factoring large prime numbers and the discrete logarithm problem
is Diffie-Hellman key exchange, named after its inventors, Whitfield Diffie
and Martin Hellman and originally described by Diffie and Hellman in the
“Journal IEEE Transactions on Information Theory 22” in 1976. One significant
difference between RSA and Diffie-Hellman is that although RSA can be used
to encrypt arbitrary bits of data, Diffie-Hellman can only be used to perform a
key exchange because neither side can predict what value both sides will
ultimately agree upon, even though it's guaranteed that they'll both arrive at the
same value. This ability to encrypt arbitrary data using RSA, although
desirable in some contexts, is something of a double-edged sword. One potential
drawback of the RSA algorithm is that, if the private key is ever compromised,
any communication that was secured using that private key is now exposed.
There's no such vulnerability in the Diffie-Hellman key exchange algorithm.
This property — communications remaining secure even if the private key is
uncovered — is referred to as perfect forward secrecy.
Diffie-Hellman key agreement relies on the fact that
$$g^{ab} \% p = g^{ba} \% p = (g^a \% p)^b \% p = (g^b \% p)^a \% p$$
g and p are agreed on by both sides, either offline or as part of the key exchange.
They don't need to be kept secret and SSL/TLS transmits them in the clear. The
server chooses a value a at random and the client chooses a value b at random.
Then the server computes
$$\mathit{Ys} = (g^a \% p)$$
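The exchange described above, carried through until both sides hold the same value and set beside the RSA key transport described earlier, as an added example that is not code from the book. Assumptions: the parameters P and G, the client-side name Yc, the toy RSA primes (unpadded textbook RSA) and all function names are chosen here for illustration.

```python
import secrets

# Constructed demo parameters (assumptions, not from the page): P = 2^255 - 19 is a
# known prime and G = 2. Illustration sizes only.
P, G = 2**255 - 19, 2

def dh_session(g=G, p=P):
    """Run one exchange; return (what the wire shows, server secret, client secret)."""
    a = secrets.randbelow(p - 3) + 2      # server's random value, never sent
    b = secrets.randbelow(p - 3) + 2      # client's random value, never sent
    Ys = pow(g, a, p)                     # server sends g^a % p in the clear
    Yc = pow(g, b, p)                     # client sends g^b % p (name Yc is assumed)
    server_z = pow(Yc, a, p)              # (g^b % p)^a % p
    client_z = pow(Ys, b, p)              # (g^a % p)^b % p
    wire = {"g": g, "p": p, "Ys": Ys, "Yc": Yc}
    return wire, server_z, client_z       # a and b go out of scope here

# Toy RSA key for the contrast case: two Mersenne primes, far too small for real use.
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # long-term private exponent

def rsa_key_transport():
    """Client picks a symmetric key and sends it under the server's public key."""
    session_key = secrets.randbits(128)
    wire = {"n": RSA_N, "e": RSA_E, "c": pow(session_key, RSA_E, RSA_N)}
    return wire, session_key

def recover_from_recording(wire, leaked_d):
    """What a later private-key compromise yields from a recorded RSA exchange."""
    return pow(wire["c"], leaked_d, wire["n"])

if __name__ == "__main__":
    wire, sz, cz = dh_session()
    print("DH sides agree:", sz == cz)
    rec, key = rsa_key_transport()
    print("RSA recording opened with leaked d:", recover_from_recording(rec, RSA_D) == key)
```

Every recorded RSA exchange opens with the one long-term value RSA_D, while the recorded Diffie-Hellman `wire` carries only g, p, Ys and Yc, and the values a and b that produced the secret are discarded when the session ends.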