In order to thwart Hortellana\'s mischief, Alice and Bob agree to exchange, as p

Question

In order to thwart Hortellana's mischief, Alice and Bob agree to exchange, as part of the security context setup, the secret key which was computed with Diffie-Hellman key exchange to verify they are both using the same secret key. Alice suggests that they iteratively hash the secret key 1,000 times before exchanging it.

a.) What security characteristic of the Diffie-Hellman key exchange is Alice attempting to protect with this strategy?

b.) What is the name of the security characteristic of the hash function which Alice is exploiting ?

c.) Bob tells Alice that her strategy makes sense to thwart the man in the middle attack but indicates the protocol still has a vulnerability since the use of the hash function does not implement what fundamental security characteristic?

Explanation / Answer

a.) In Diffie-Hellman key exchange, only private key of Bob (B), private key of Alice (A) and shared key (gab mod p = gba mod p) are secret, rest g, p, gA mod p, and gB mod p are open. Shared secret key may have some weak bits. Applying hash function removes those weak bits hence further improving security of the process.

b.) Applying a hash functions generates a unique hash key and with a proper hash function, it is difficult to find more than one value with the same hash key. Hence, applying hashing repeatedly on shared secret key improves the security of the key.

c.) Despite using the hash function, still there is a possibility of imparsonation attack. Imparsonation can be twarted by selecting such a value of p such that it is extemely difficult to compute A (or B) with the knowledge of g, p and gA mod p. If p is a sufficiently large prime number, even a fastest modern computer can not find A or B. This is referred to as Discrete Logarithm Problem.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.