Question on Anonymous Diffie-Hellman key exchange

Nikos Mavrogiannopoulos nmav at
Thu Aug 27 17:32:35 CEST 2009

Ram G wrote:
> Hi,
> "....Also note that the DH parameters are only useful to servers. Since
> clients use the parameters sent by the server, it's of no use to call this
> in client side....."
> 1) Alice and Bob decides on the prime P and generator G
> 2) Alice decides on a random number X and sends G(power of X) mod P to Bob
> 3) Bob decides on a random number Y and sends G(power of Y) mod P to Alice
> 4) Both Bob and Alice can calculate the shared secret on their own from
> steps 2 and 3.
> So my question is - why are the DH params not generated in the client side
> too ? What is the point in generating the DH params and the shared key in
> the server (Bob) and sending it to the client (Alice) - won't it be
> accessible to an attacker when it is sent in the clear ?

 They will be available to attackers but the security of the DH
cryptosystem doesn't depend on the secrecy of the group and generator.
The security depends on the random numbers X and Y.


More information about the Gnutls-help mailing list