I think that to understand this algorithm, it is almost enough to first understand the following process.
User A selects a random integer $x_1 < q$ and calculates $y_1 = a^{x_1} \bmod q$. Similarly, User B independently selects a random integer $x_2 < q$ and calculates $y_2 = a^{x_2} \bmod q$. A and B each keep their $x$ private, while each $y$ is publicly accessible to the other side. User A calculates $K = y_2^{x_1} \bmod q$, and B calculates $K = y_1^{x_2} \bmod q$. The two computed keys are the same $K$.
As for why the two values of $K$ are the same: consider the computation from the side of either A or B, and the result can be deduced from the rules of modular arithmetic. An ordinary user can obtain $y_1$, $y_2$, $q$ and $a$. However, these four values are still not enough to calculate the key $K$. If the user knows $y_2$, $q$ and $a$, then learning $x_2$ would let him work out $K$, and he could try to find $x_2$ from $y_2 = a^{x_2} \bmod q$. The idea is feasible in principle, but for large primes it is almost impossible to compute the discrete logarithm.
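The exchange and the eavesdropper's problem described above, as an added example that is not part of the original post. The function names and the parameters (the toy pair q = 23, a = 5 and the larger prime 2^31 - 1 with base 7) are assumptions chosen for illustration; both are far too small for real use.

```python
# Diffie-Hellman with toy parameters, plus the exhaustive discrete-log search
# an eavesdropper would need. All values are constructed for illustration.

def public_value(x, q, a):
    """y = a^x mod q, the value each side publishes."""
    return pow(a, x, q)

def shared_key(their_y, my_x, q):
    """K = (their y)^(my x) mod q = a^(x1*x2) mod q on both sides."""
    return pow(their_y, my_x, q)

def brute_force_dlog(y, q, a, max_steps):
    """Try x = 1, 2, ... until a^x mod q == y; give up after max_steps."""
    value = 1
    for x in range(1, max_steps + 1):
        value = value * a % q
        if value == y:
            return x
    return None

def eavesdrop(y1, y2, q, a, max_steps):
    """Recover K from public values only, if x2 is found within the budget."""
    x2 = brute_force_dlog(y2, q, a, max_steps)
    return None if x2 is None else pow(y1, x2, q)

if __name__ == "__main__":
    # Toy group: the search space has only 22 elements, so the attack succeeds.
    q, a = 23, 5
    x1, x2 = 4, 3                      # private values of A and B
    y1, y2 = public_value(x1, q, a), public_value(x2, q, a)
    print("A's key:", shared_key(y2, x1, q))
    print("B's key:", shared_key(y1, x2, q))
    print("eavesdropper:", eavesdrop(y1, y2, q, a, max_steps=q - 1))

    # Larger (still insecure) prime: the same budget-limited search now fails.
    q, a = 2**31 - 1, 7
    y1 = public_value(1_234_567_890, q, a)
    y2 = public_value(1_000_000_000, q, a)
    print("eavesdropper:", eavesdrop(y1, y2, q, a, max_steps=10_000))
```

The cost of the search grows with q, which is why the size of the prime decides whether the scheme holds.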
But the D-H algorithm has its shortcomings. I do not know whether it has been phased out by now (I cannot say for sure), but it has become a part of Oakley, which overcomes those shortcomings. In simple terms, the Oakley algorithm has the following features:
1. It uses a mechanism called cookies to counter clogging attacks.
2. It enables both parties to negotiate a set of global parameters.
3. It uses nonces to ensure resistance to replay attacks.
4. It can exchange Diffie-Hellman public keys.
5. It authenticates the Diffie-Hellman exchange to counter man-in-the-middle attacks.
I have recently been stepping up my study of network security ... I hope to gain a deeper impression of it and to form a certain way of thinking and a certain mathematical foundation.