Mallory generates a secret integer, :math:`m`, and sends :math:`M=g^{m} \mod p` to Bob
Bob chooses a secret integer, :math:`b`, and sends :math:`B=g^{b} \mod p` to Mallory
Mallory computes :math:`S_{A}=A^{m} \mod p` and :math:`S_{B}=B^{m} \mod p`
Alice computes :math:`S_{A}=M^{a} \mod p` and uses this key to communicate with Mallory (acting as Bob)
Bob computes :math:`S_{B}=M^{b} \mod p` and uses this key to communicate with Mallory (acting as Alice)
When Alice sends a message, she encrypts it with :math:`S_{A}`. Mallory decrypts it with :math:`S_{A}` and encrypts the plaintext with :math:`S_{B}`. When Bob receives the message, he can decrypt it by using :math:`S_{B}`.
To safely use the Diffie-Hellman key exchange, Alice and Bob must use an `authenticated` exchange. Some of the information sent by Alice or Bob must be signed with a public key known by the other user. In practice, it is often important for Alice to authenticate Bob. If Bob has a certificate signed by Ted, the authenticated key exchange could be organized as follows.
Alice chooses a secret integer :math:`a` and sends :math:`A=g^{a} \mod p` to Bob
Bob chooses a secret integer :math:`b`, computes :math:`B=g^{b} \mod p` and sends :math:`Cert(Bob,Bob_{pub},Ted), E_p(Bob_{priv},B)` to Alice
Alice checks the signature (with :math:`Bob_{pub}`) and the certificate and computes :math:`S_{A}=B^{a} \mod p`
Bob computes :math:`S_{B}=A^{b} \mod p`
This prevents the attack mentioned above since Mallory cannot create a fake certificate and cannot sign a value by using Bob's private key. Given the risk of man-in-the-middle attacks, the Diffie-Hellman key exchange mechanism should never be used without authentication.
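
The following added example (not part of the e-book) runs the exchange both ways: without authentication Mallory ends up sharing :math:`S_{A}` with Alice and :math:`S_{B}` with Bob, and with Bob's signed value Alice rejects the substituted :math:`M`. Assumptions: textbook RSA over constructed toy primes stands in for :math:`E_p` and for Ted's certificate, and the function names (``exchange``, ``dh_keypair``, ``rsa_keypair``) are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: Mersenne primes, far too small/structured for real use.
P, G = 2**521 - 1, 3                      # Diffie-Hellman modulus and base

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2      # secret integer
    return x, pow(G, x, P)                # (secret, public value g^x mod p)

def rsa_keypair(p, q, e=65537):           # textbook RSA, stands in for E_p / Cert
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def exchange(mallory_active, authenticated):
    """Return (S_A, S_B, Mallory's two keys), or None if Alice aborts."""
    ted_pub, ted_priv = rsa_keypair(2**107 - 1, 2**127 - 1)
    bob_pub, bob_priv = rsa_keypair(2**61 - 1, 2**89 - 1)
    identity = b"Bob" + repr(bob_pub).encode()
    cert = sign(ted_priv, identity)               # Cert(Bob, Bob_pub, Ted)
    (a, A), (b, B), (m, M) = dh_keypair(), dh_keypair(), dh_keypair()
    sig_B = sign(bob_priv, str(B).encode())       # E_p(Bob_priv, B)
    # Mallory swaps both public values for M but can only forward Bob's signature.
    to_bob, to_alice = (M, M) if mallory_active else (A, B)
    if authenticated:
        cert_ok = verify(ted_pub, identity, cert)
        sig_ok = verify(bob_pub, str(to_alice).encode(), sig_B)
        if not (cert_ok and sig_ok):
            return None                           # Alice rejects the value
    S_A, S_B = pow(to_alice, a, P), pow(to_bob, b, P)
    return S_A, S_B, (pow(A, m, P), pow(B, m, P))
```
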
Footnotes
The Wikipedia page on passwords provides many of these references: https://en.wikipedia.org/wiki/Password_strength
A detailed explanation of the operation of the RSA algorithm is outside the scope of this e-book. Various tutorials such as the `RSA page <https://en.wikipedia.org/wiki/RSA_(cryptosystem)>`_ on Wikipedia provide examples and tutorial information.
A detailed explanation of the ECC cryptosystems is outside the scope of this e-book. A simple introduction may be found on `Andrea Corbellini's blog <http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/>`_. There have been deployments of ECC recently because ECC schemes usually require shorter keys than RSA and consume less CPU.
