Question on Anonymous Diffie-Hellman key exchange

Ram G mydevforums at gmail.com
Thu Aug 27 17:50:45 CEST 2009


So does this mean the GnuTLS client generates the "shared key" on its own?

When I read that the DH parameters are useful only to the server, perhaps
I got confused that the server generates P, G and the "Shared Key" and sends
the "Shared Key" to the client.

So this is the correct logic:

1) GnuTLS server generates P & G and sends them to the client
2) GnuTLS client selects a random number X and sends G(power of X) mod P to
server
3) GnuTLS server selects a random number Y and sends G(power of Y) mod P to
client
4) Both client and server independently calculate the "shared key"

Thanks for clearing my confusion

Ramg

On Thu, Aug 27, 2009 at 11:32 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:

> Ram G wrote:
> > Hi,
> > "....Also note that the DH parameters are only useful to servers. Since
> > clients use the parameters sent by the server, it's of no use to call
> this
> > in client side....."
> [...]
> > 1) Alice and Bob decide on the prime P and generator G
> > 2) Alice decides on a random number X and sends G(power of X) mod P to
> Bob
> > 3) Bob decides on a random number Y and sends G(power of Y) mod P to
> Alice
> > 4) Both Bob and Alice can calculate the shared secret on their own from
> > steps 2 and 3.
> >
> > So my question is - why are the DH params not generated in the client
> side
> > too ? What is the point in generating the DH params and the shared key in
> > the server (Bob) and sending it to the client (Alice) - won't it be
> > accessible to an attacker when it is sent in the clear ?
>
> Hello,
>  They will be available to attackers but the security of the DH
> cryptosystem doesn't depend on the secrecy of the group and generator.
> The security depends on the random numbers X and Y.
>
> regards,
> Nikos
>
>
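The four-step exchange Ram lists, written out as an added Python example (not GnuTLS code). The 64-bit safe-prime group is a constructed toy size; the `wire` list stands in for what a passive observer sees, which is Nikos's point: P, G, G^X and G^Y are public, while X and Y never leave their hosts. Anonymous DH has no authentication, so this only protects against a passive observer, not an active man-in-the-middle.

```python
import secrets

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def server_params(bits: int = 64) -> tuple[int, int]:
    """Step 1: server picks a safe prime p = 2q+1 and a generator g of the
    order-q subgroup. Toy size for the example; TLS uses multi-kilobit groups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # a square has order q
        if g != 1:
            return p, g

def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Step 4: each side raises the peer's public value to its own secret.
    Degenerate public values (0, 1, p-1) are rejected before use."""
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)

def run_exchange(bits: int = 64) -> tuple[int, int, list]:
    wire = []  # constructed transcript of everything sent in the clear
    p, g = server_params(bits)
    wire.append(("server->client", "P,G", p, g))             # step 1
    q = (p - 1) // 2
    x = secrets.randbelow(q - 2) + 2                         # client's X, never sent
    wire.append(("client->server", "G^X mod P", pow(g, x, p)))  # step 2
    y = secrets.randbelow(q - 2) + 2                         # server's Y, never sent
    wire.append(("server->client", "G^Y mod P", pow(g, y, p)))  # step 3
    return dh_shared(p, wire[2][2], x), dh_shared(p, wire[1][2], y), wire
```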