shared secret using diffie-hellman

Paul Crowley paul at
Sun Jun 5 03:17:56 PDT 2005

Brad Fitzpatrick wrote:
> I thought the shared secret produced as a result of Diffie-Hellman _was_
> the key used in the HMAC.  That's what I was assuming when I sent the
> first email in this thread.

If we do that, then the server has to either remember it, incurring 
unnecessary storage, or it has to reconstruct it every time it's needed, 
incurring unecessary computation.  I wanted the HMAC shared secret to be 
generated and managed using LJ::get_secret as before, so the server only 
has to think about DH when it's asked for a fresh HMAC secret, and it 
can forget the whole transaction as soon as it's over.

> I don't see where even XOR comes into play.  What's wrong with sending the
> secret key's ID (I called it "handle") and expiry in the clear?

Sending the handle and expiry in the clear is fine.

> What?  I thought the whole point of DH was that you never sent the
> shared-secret... it's inferred from both side's advertised public keys
> (you named then "gx", and "gy", probably by convention)

As above - there are two shared secrets, the DH shared secret and the 
HMAC shared secret.  The DH shared secret is used to encrypt the HMAC 
shared secret for transmission.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list