I'm not 100% sure I'm following you because of your choice of terminology, but here goes:
> Yes, I do understand the DH exchange process. But with respect to the
> OpenSSL DH Library usage, let's say I and another party have fixed p & g.
> I calculate X using DH_generate_key() (I get a different X every time for
> the same p & g, is that okay?). And later I receive the other party's Y
> (which never changes by the way) and use it to calculate the secret key
> and is different every time. So my comparison against their shared secret
> key fails.

What are you comparing to the shared secret key? If you use a different X and they use the same Y, then the shared secret will be different. But both ends will agree on it.

For any X and any Y, 'X^Y mod p' will still equal 'Y^X mod p'. So if one side picks a new X and the other side uses the same Y, the shared secret will change, but it will still be shared.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
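The behaviour discussed in this message, as an added example that is not part of the original e-mail and does not use the OpenSSL API: one side generates a fresh key pair per session while the peer's public value stays fixed, so the shared secret changes each session yet both ends still compute the same value. The parameters `P` and `G` and the function names are assumptions made for this sketch; `P` is a toy prime, not a vetted DH group.

```python
import secrets

# Toy public parameters (assumption for this example only): 2**255 - 19 is
# prime, but it is not a standardized DH group. Use a vetted group in practice.
P = 2**255 - 19
G = 2

def generate_key(p=P, g=G):
    """Return (private, public) using a fresh random private exponent."""
    priv = secrets.randbelow(p - 3) + 2          # 2 <= priv <= p - 2
    return priv, pow(g, priv, p)

def compute_secret(own_priv, peer_pub, p=P):
    """Shared secret = peer_pub ** own_priv mod p, after a basic range check."""
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, own_priv, p)

def run_sessions(n=3):
    """The peer keeps one static key pair; we generate a new pair per session."""
    peer_priv, peer_pub = generate_key()         # never changes
    results = []
    for _ in range(n):
        my_priv, my_pub = generate_key()         # different every session
        mine = compute_secret(my_priv, peer_pub)     # our side
        theirs = compute_secret(peer_priv, my_pub)   # peer's side
        results.append((my_pub, mine, theirs))
    return results

if __name__ == "__main__":
    sessions = run_sessions()
    for i, (_, mine, theirs) in enumerate(sessions):
        print(f"session {i}: both ends agree = {mine == theirs}")
    # The secret differs between sessions, so comparing it against a value
    # stored from an earlier session fails even though each exchange succeeded.
    print("distinct secrets:", len({mine for _, mine, _ in sessions}))
```

For the secret to stay constant across sessions, both sides would have to reuse their private values; a fresh private value on either side yields a new, but still shared, secret.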