Type of encryption and its related algorithm--key exchange

The first two sections address the encryption of information and the integrity of information, but it is not possible to resolve the issue of confidentiality of password (key) transmission. How do I negotiate a password (key) on an unsecured network?

1976, W. Diffie and M.hellman put forward the idea of public-key cryptography in the published paper, but did not give a concrete implementation plan, the reason is that there is no one-way function (the Message digest algorithm), but in this paper, the communication between the two parties through the exchange of information to negotiate the key algorithm, that is, Diffie-hellman key exchange Algorithm (for short, the DH algorithm). The purpose of this algorithm is to enable both the receiving and sending of messages to exchange keys under secure conditions for subsequent encryption/decryption purposes. Therefore, the DH algorithm is the first key-negotiation algorithm, but it can only be used for key allocation and cannot be used to encrypt or decrypt messages.

So how is this key exchange done?

1, A and b to negotiate a large prime number p and a generation of G, on the network is public, anyone can intercept

2, at this time A and B secretly in the back tricks, a generated random number x,b generate random number Y

3, A to the results of g^x%p sent to B

4, B to the results of g^y%p sent to a

5, the network can only see p,g,g^x%p,g^y%p these four numbers

6, a can get p,g,g^y%p,x

7, B can get p,g,g^x%p,y

8, at this time A and B respectively began to calculate, A is (g^y%p) ^x% p,b is (g^x%p) ^y%p, this result is a and B negotiated results.

this figure is from the network

In that case, let's do the math problem verification.

1, A and B negotiated p=23 and g=5.

2, a generates a random number x=3, calculates the a=g^a%p and sends to B

a=5^3%23=10

3, B generate a random number y=5, calculate b=g^b%p and send to a

B=5^5%23=20

4, the information obtained by a calculation password (key) k1= (g^b%p) ^x%p

K1=20^3%23=19

5, the information obtained by B is calculated password (key) k2= (g^a%p) ^x%p

K2=10^5%23=19

At this point, you can get k1=k2=19, which is a and B key exchange.

The password (key) can be regenerated every time a communicates with B. Originally this algorithm, want to through the brute force to crack all difficult, each communication all renegotiate new password, this greatly reduces the likelihood of being violently cracked.

can we rest assured that this is the case? No!!! e This bad guy ran out again, A and B each communication is using a random password, then still a or can not verify the communication is the object is b,e to disguise as B. E again in the obstruction, intercept a sent to B information, negotiated password, and then tampered with, and then initiated and B communication, negotiated password. So we fell into the pit again, as if we could never solve the problem of communication security. So is there a mechanism that can help us? For more information, please continue to follow the next tutorial. ^_^

Type of encryption and its related algorithm--key exchange