3

After looking into how TLS handshaking works it seems to inherently include the Diffie Hellman algorithm during the point where they generate a shared secret key. However as I look into this some more I find articles such as this: https://thecybersecurityman.com/2018/04/25/https-the-tls-handshake-using-diffie-hellman-ephemeral/

"I published a blog post several months ago illustrating a simplified step-by-step process of how https and the TLS handshake typically work. BUT! There is an alternative approach that uses a key agreement protocol called Diffie-Hellman Ephemeral (DHE). This is a process of creating a secret key in plainsight using modular arithmetic."

Looking at the blog post mentioned it seems like the client uses the servers public key to create a shared private key and sends it back. So it looks like the burden of creating the shared key is actually on the client, and so this is different than Diffie Hellman. Is this correct? If so what are the pros and cons of using one or the other?

J_N_300
  • 31
  • 1
  • 3
  • 4
    Does this answer your question? What's the fundamental difference between Diffie-Hellman and RSA? – Steffen Ullrich Feb 29 '20 at 16:46
  • See http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html for an example of a TLS session that does not use DH (it uses RSA instead). – mti2935 Feb 29 '20 at 18:25
  • @SteffenUllrich That is a helpful link but I don't think it answers my question unless I'm mistaken. – J_N_300 Feb 29 '20 at 23:03
  • @mti2935 Does this mean that there are three ways to go about this in TLS? RSA, DH and the whatever is used in the blog post I mentioned? – J_N_300 Feb 29 '20 at 23:04
  • The diagram in https://thecybersecurityman.com/2017/11/22/how-does-https-work/ is poor, but the text seems clear enough to me: the 'key' (really the premaster secret, which derives the keys but is not itself a key) is encrypted by the client, sent, and decrypted by the server, meaning the value is now shared. – dave_thompson_085 Mar 01 '20 at 03:59
  • 1
    @J_N_300: what is described in the blog you refer to is actually RSA (secret created by client only and send encrypted with public key to server). So your question basically boils down to the difference between DH and RSA, which is a duplicate. – Steffen Ullrich Mar 01 '20 at 08:11
  • @SteffenUllrich I see, whereas for Diffie-Hellman both parties public/private keys are encrypted with equal effort? Going by this example: https://www.coengoedegebure.com/surviving-an-infosec-job-interview-cryptography/#buildsharedsecret – J_N_300 Mar 01 '20 at 17:31

1 Answers1

2

This depends on the TLS version you're using.

In TLS 1.2, keys can be exchanged via RSA, DH (Diffie-Hellman over a Finite Field), ECDH (Diffie-Hellman over an Elliptic Curve), DHE (DH but the key is discarded after use to provide forward-secrecy), ECDHE (ECDH but the key is discarded after use to provide forward secrecy), PSK (Pre-Shared keys), and SRP (Secure Remote Password protocol).

In TLS 1.3 the insecure and overly-complex methods were deprecated, leaving only DHE and ECDHE for key agreement.

Versions of TLS before 1.2 don't have any unconditionally secure cipher options, and should not be used.

Wikipedia has a nice table, though note that it shows both the key exchange/agreement method and the authentication method in one chart, so there can be multiple rows using a given key exchange/agreement method.

SAI Peregrinus
  • 5,836
  • 19
  • 26