Ram G wrote: > Hi, > "....Also note that the DH parameters are only useful to servers. Since > clients use the parameters sent by the server, it's of no use to call this > in client side....." [...] > 1) Alice and Bob decides on the prime P and generator G > 2) Alice decides on a random number X and sends G(power of X) mod P to Bob > 3) Bob decides on a random number Y and sends G(power of Y) mod P to Alice > 4) Both Bob and Alice can calculate the shared secret on their own from > steps 2 and 3. > > So my question is - why are the DH params not generated in the client side > too ? What is the point in generating the DH params and the shared key in > the server (Bob) and sending it to the client (Alice) - won't it be > accessible to an attacker when it is sent in the clear ?
Hello, They will be available to attackers but the security of the DH cryptosystem doesn't depend on the secrecy of the group and generator. The security depends on the random numbers X and Y. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
