On 18 March 2013 15:05, azhar jodatti <azhar...@gmail.com> wrote:

>
> I also just noticed that in your JSON sample there is only one prime
> number provided. There are in fact two required: p and q.
> Well, I think the other prime number is g and not q. The other prime number is
> the base generator, i.e. g in the above JSON sample.
>
No, g is the generator and I don't believe there is a requirement for it
to be prime. In fact your Java version of your JSON has a generator which
is clearly NOT prime - it is an even number. You are missing a parameter
from your JSON.



>
> One other point to make here is that it looks very much like you are
> designing your own protocol rather than implementing a well defined one.
> This is fraught with security risks... it is very easy to make a mistake -
> and is generally a bad idea. Use standardised approaches wherever
> possible. In particular note that the Diffie-Hellman implementation in use
> here provides a "raw" shared secret at the end. Standardised protocols
> normally define a process for turning that shared secret into something
> which can be used as a key (typically by passing the secret, along with
> other data through some message digest). E.g. see RFC 2631
>
>
> I don't feel I am trying to design my own protocol. At least it won't look
> so to me :) I want to use symmetric key encryption and for that I need the
> same secret key at both ends at run time. Who else does this better
> than Diffie Hellman? :) :)
>
>
>
Diffie-Hellman is the algorithm; the protocol is about how you implement
and use that algorithm. E.g. taking a ridiculous example, you can use the
Diffie-Hellman algorithm and then make it insecure by transmitting the
private key in the clear in the protocol!!

See the top answer here:
http://security.stackexchange.com/questions/2202/lessons-learned-and-misconceptions-regarding-encryption-and-cryptology

Also:
http://www.cse.chalmers.se/edu/year/2012/course/TDA601/Project/Presentations06/9.pdf

And:
"Cryptographic protocols and algorithms are difficult to get right, so do
not create your own"
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/crypto.html

Matt
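
The two points made in this message (q is needed alongside p and g, and the raw shared secret should go through a key derivation step), as an added example that is not part of the original thread or anyone's posted code. It assumes a constructed toy group (p = 23, q = 11, g = 4), hypothetical function names and a hypothetical label `example-dh-v1`, and it substitutes HKDF-SHA256 (RFC 5869) for the RFC 2631 derivation mentioned above.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1 with q prime,
# and g = 4 generating the order-q subgroup (g is even, so clearly not prime).
P, Q, G = 23, 11, 4

def params_ok(p, q, g):
    """Checks a receiver can run on (p, q, g); impossible if q is missing."""
    return (p - 1) % q == 0 and 1 < g < p - 1 and pow(g, q, p) == 1

def public_ok(y, p, q):
    """Accept only peer values inside the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

def keypair(p, q, g):
    x = secrets.randbelow(q - 1) + 1          # private exponent in [1, q-1]
    return x, pow(g, x, p)

def raw_secret(x, peer_y, p, q):
    if not public_ok(peer_y, p, q):
        raise ValueError("peer public value rejected")
    # Fixed-length encoding, as long as p, so leading zeros are kept.
    return pow(peer_y, x, p).to_bytes((p.bit_length() + 7) // 8, "big")

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869): extract, then expand into `length` key bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def session_key(x, initiator_y, responder_y, i_am_initiator, p=P, q=Q):
    """Derive a 16-byte key, binding both public values in a fixed order."""
    peer_y = responder_y if i_am_initiator else initiator_y
    size = (p.bit_length() + 7) // 8
    info = (b"example-dh-v1" + initiator_y.to_bytes(size, "big")
            + responder_y.to_bytes(size, "big"))
    return hkdf_sha256(raw_secret(x, peer_y, p, q), b"\x00" * 32, info, 16)

if __name__ == "__main__":
    assert params_ok(P, Q, G)
    (xa, ya), (xb, yb) = keypair(P, Q, G), keypair(P, Q, G)
    ka = session_key(xa, ya, yb, True)
    kb = session_key(xb, ya, yb, False)
    print("keys match:", ka == kb, ka.hex())
```

Both sides feed the same public values into the derivation in the same order, so a key only matches when they agree on the whole exchange, not just on the raw secret.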
