Diffie-Hellman
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2009 05:32 PM - edited 02-21-2020 03:18 AM
I am watching a CBT Nugget that is explaining DH key exchange and its leaving me confused.
I thought that each end uses their own private key with the other ends public key to computer the "shared secret" key and therefore does not need to then encrypt the "shared secret" and send it across the wire.
The video I have clearly shows the shared secret being created as I explained above, but then explains that the "shared secret" key is encrypted and sent to the other end.
Can anyone help me with this problem?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2009 01:55 AM
Hi,
Alot of IKE/DH training material try to simplify the process. To explain everything that goes on can get quite complex. You can try looking at RFC2409 to get the full picture.
The material may be refering to the exchange of nonces. After the DH is setup the two ends exchange nonces which are then combined togther with some other values (such as PSK or certificate) and put through a hashing mechanism to create some new keys which are then used for phase 2.
Regards
