tags:

views:

1529

answers:

7
Q: 

Public key or Diffie-Hellman Key Exchange Algorithm

Consider and client server scenario and you got two options:

  1. You can include Server's Public Key in Client and perform the exchange.
  2. You can use Diffie Hellman KeyExchange Algorithm to handshake and then exchange the key.

Which one is more secure way? also if public key will come from store say from Client CA store? would it be more secure instead of binding it in Client app?

The deployment will be done via an installer, verifying the version on each run.

+2  A: 

With (only) DH key exchange, the client has no way to know that it is really the server he is talking to.

So the conversation would be secure from eavesdroppers, but someone could pretend to be the server and compromise the client.

Thilo  2009-06-23 10:38:57
DH key exchange is very vulnerable to man in the middle attacks, just as Thilo implicitly writes.
AnnaR  2009-06-23 10:43:40
so you guys are voting for Option-1?but hasn't Diffie Hellman is considered secure on unsecure networks?
Usman Masood  2009-06-23 10:57:25
@Usman: Diffie-Hellman is secure against eavesdropping, but has no protection against man in the middle attacks. PKI provides that, assuming that the client can securely obtain the CA certificate. There's so such thing as "secure" - a given system prevents particular things happening. If those things are the only things you don't want to happen, then the system is "secure for your use" of it.
Steve Jessop  2009-06-23 11:35:20
@onebyone yep! in that case what would you say about public key being embded in client app?
Usman Masood  2009-06-23 12:00:07
If you embed the key in the app, then the client can trust the key as much as they trust the code, which should be good enough for them. Sometimes however you want to change a certificate, and it's easier to do that (without pushing a new version of the app) by having the server provide a cert to the client as part of the connection protocol, and that cert be signed by a signing cert either in the app, or in the client's OS keystore. That's the model used by SSL, and it seems to work OK...
Steve Jessop  2009-06-25 08:03:24
yep! thats a really good idea thanks
Usman Masood  2009-06-25 10:33:34
+1  A: 

An embedded key can be replaced. Generally speaking, if the client's machine is not secured by non-software means, you cannot prevent hacking of your client by a sufficiently motivated attacker. Even a TPM is no panacea. The question becomes one of trade-off: attackers' man-hours vs. utility (profit, fame &c) gained. The only really secure way to license a program which does computations is to perform all licensable computations on a server you physically control; https or SSL can be made sufficiently secure by choosing appropriate key lengths, hashing schemes, ciphers &c (a subject of which I know little).

The principle here is actually rather simple: you need to engineer a situation in which it will be in your clients' best interests to protect their passwords/license keys/data/whatever. E.g. if you have a computation server and charge your clients for server time, client keys are proxies to owners' bank accounts.

Anton Tykhyy  2009-06-23 11:01:52
well! if he hacks the servers public key... then server will no longer be able to decrypt the client data which means no communication.. i guess thats how it should be.
Usman Masood  2009-06-23 11:16:12
the attacker only needs to hack the client private key, or extract the server public key and use it in a separate attacking program
Anton Tykhyy  2009-06-23 12:04:47
then what could be the best approach?
Usman Masood  2009-06-23 16:25:50
I don't know your particulars, so can't really tell what will be best for you; added some general advice in answer.
Anton Tykhyy  2009-06-23 17:01:00
ok Anton one more question what would you suggest if public key will come from store say from Client CA store? would it be more secure?
Usman Masood  2009-06-24 05:24:18
Not much more secure I think. An attacker could change the name of the key your client requests from the store just as well as an embedded key.
Anton Tykhyy  2009-06-24 05:29:42
+3  A: 

Don't.

If you need to solve this kind of problem in production code, have an expert do it. There are so many subtle pitfalls in cryptography that chances are you will come a cropper.

Tobias  2009-06-23 18:39:53
A: 

As Tobias mentioned above it is better if you don't roll your own protocol. I would suggest to use an implementation of TLS, or at least model your protocol on TLS. TLS provides options for both Diffie-Hellman and Certificate based key exchange.

Take a look at: http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Mark  2009-06-23 18:47:47
A: 

With the public key scenario the client must be generating the key, there is no way you can have any confidence this key is securely generated (someone could get access to the system and change the key generator to always use the same value, increment the previous value by one, whatever, said attacker can then eves drop on your communications for ever more). Public key crypto was not designed for this purpose.

Diffie-Hellman would be better but as Tobias said if you roll your own you'll probably leave an attack.

Patrick  2009-06-23 18:50:10
What do you mean by client? Because the whole point of public key cryptography is that it is the server who generate both public and private keys. Maybe I misunderstood you though.
Gab Royer  2009-06-23 18:55:53
My understanding is that the OP is trying to exchange a session key between the client and the server using either a public key to encrypt a session key at the client end and then send it to the server or by generating a session key using the Diffie-Hellman protocol.
Patrick  2009-06-23 22:38:54
+1  A: 

Well private key algorithms usually offers better performances (by an order of magnitude or more as far as I can remember) then their public key counterpart. In that sense Diffie-Hellman would be more efficient then say RSA for a client-server architecture.

If you have far far more clients then servers, you could implement a public-key algorithm to reduce the exchanges between them.

Still, like many people said, you should consider asking/hiring an expert on the matter as there is many different types of attacks (most of them targeting only the implementation and not the algorithm per se). If you still want to proceed, I can only wish you best of luck and point you to this resources you should very carefully read.

Diffie-Hellman Key agreement method

Gab Royer  2009-06-23 19:08:21
A: 

Can diffie hellman be executed between 3 parties.... Bob alice and eve????

Pravin  2010-02-25 12:14:07

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS