shared secret using diffie-hellman
paul at ciphergoth.org
Sun Jun 5 03:17:56 PDT 2005
Brad Fitzpatrick wrote:
> I thought the shared secret produced as a result of Diffie-Hellman _was_
> the key used in the HMAC. That's what I was assuming when I sent the
> first email in this thread.
If we do that, then the server has to either remember it, incurring
unnecessary storage, or it has to reconstruct it every time it's needed,
incurring unnecessary computation. I wanted the HMAC shared secret to be
generated and managed using LJ::get_secret as before, so the server only
has to think about DH when it's asked for a fresh HMAC secret, and it
can forget the whole transaction as soon as it's over.
> I don't see where even XOR comes into play. What's wrong with sending the
> secret key's ID (I called it "handle") and expiry in the clear?
Sending the handle and expiry in the clear is fine.
> What? I thought the whole point of DH was that you never sent the
> shared-secret... it's inferred from both sides' advertised public keys
> (you named them "gx", and "gy", probably by convention)
As above - there are two shared secrets, the DH shared secret and the
HMAC shared secret. The DH shared secret is used to encrypt the HMAC
shared secret for transmission.
\/ o\ Paul Crowley, paul at ciphergoth.org
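
The two-secret exchange described in this message, sketched as an added example (not code from the original post or from LiveJournal): the server creates and stores the HMAC secret on its own, uses an ephemeral DH exchange only to mask that secret in transit, and keeps no DH state afterwards. Assumptions: the toy group, the SHA-256 pad derivation, the dict standing in for the LJ::get_secret store, and the names Server, associate, verify and client_associate are all hypothetical.

```python
import hashlib, hmac, secrets, time

# Assumption: toy group (Mersenne prime 2**127 - 1), far too small for real use.
P, G = 2**127 - 1, 3

def pad_from_dh(dh_secret: int, n: int) -> bytes:
    # Assumption: hash the DH shared secret to get an n-byte XOR pad (n <= 32).
    raw = dh_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self):
        # Hypothetical stand-in for the server's existing secret store:
        # handle -> (hmac_secret, expiry). No DH state is ever kept here.
        self.store = {}

    def associate(self, gx: int) -> dict:
        if not 1 < gx < P - 1:               # reject degenerate public values
            raise ValueError("bad DH public value")
        hmac_secret = secrets.token_bytes(20)
        handle, expiry = secrets.token_hex(8), int(time.time()) + 3600
        self.store[handle] = (hmac_secret, expiry)
        y = secrets.randbelow(P - 3) + 2     # ephemeral, dropped on return
        pad = pad_from_dh(pow(gx, y, P), len(hmac_secret))
        # handle and expiry go in the clear; only the HMAC secret is masked.
        return {"handle": handle, "expiry": expiry,
                "gy": pow(G, y, P), "enc_secret": xor(hmac_secret, pad)}

    def verify(self, handle: str, msg: bytes, tag: bytes) -> bool:
        hmac_secret, expiry = self.store[handle]
        good = hmac.new(hmac_secret, msg, hashlib.sha1).digest()
        return time.time() < expiry and hmac.compare_digest(good, tag)

def client_associate(server: Server):
    x = secrets.randbelow(P - 3) + 2
    reply = server.associate(pow(G, x, P))
    if not 1 < reply["gy"] < P - 1:
        raise ValueError("bad DH public value")
    pad = pad_from_dh(pow(reply["gy"], x, P), len(reply["enc_secret"]))
    return reply["handle"], reply["expiry"], xor(reply["enc_secret"], pad)
```

Because neither gx nor gy is authenticated here, the masking only hides the HMAC secret from a passive eavesdropper.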