Unanswered Question
Feb 18th, 2009

I am watching a CBT Nugget that is explaining DH key exchange and it's leaving me confused.

I thought that each end uses their own private key with the other end's public key to compute the "shared secret" key and therefore does not need to then encrypt the "shared secret" and send it across the wire.

The video I have clearly shows the shared secret being created as I explained above, but then explains that the "shared secret" key is encrypted and sent to the other end.

Can anyone help me with this problem?

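The exchange the question describes, as an added example that is not part of the original post or the CBT Nuggets material. It uses the Oakley Group 2 parameters from RFC 2409 (1024-bit MODP prime, generator 2), which is the group most IKEv1 examples of that era use; the party names, the `wire` list and the SHA-256 stand-in for IKE's prf are assumptions made for illustration.

```python
import hashlib
import secrets

# Oakley Group 2 (RFC 2409 section 6.2): the 1024-bit MODP prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2   # P is a safe prime, so Q is prime and G generates the order-Q subgroup


def group_looks_sane():
    """Cheap Fermat checks on P and Q; a mistyped constant would almost certainly fail them."""
    return pow(3, P - 1, P) == 1 and pow(3, Q - 1, Q) == 1


class DHParty:
    """One end of the exchange. Only `public` is ever handed to the other side."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(Q - 2) + 2   # x in [2, Q-1]; never leaves this object
        self.public = pow(G, self.private, P)         # g^x mod p; this is what goes on the wire
        self.shared = None

    def receive_peer_public(self, peer_public):
        """Compute g^xy from the peer's public value and our own private exponent."""
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        if pow(peer_public, Q, P) != 1:
            # Rejects values outside the prime-order subgroup (small-subgroup / degenerate inputs).
            raise ValueError("peer public value not in the prime-order subgroup")
        self.shared = pow(peer_public, self.private, P)
        return self.shared


def run_exchange():
    """Simulate one DH exchange and return both parties plus everything an eavesdropper saw."""
    initiator, responder = DHParty("initiator"), DHParty("responder")
    # Constructed transcript: the two KE payloads are the only DH-related data transmitted.
    wire = [("KE i->r", initiator.public), ("KE r->i", responder.public)]
    responder.receive_peer_public(initiator.public)
    initiator.receive_peer_public(responder.public)
    return initiator, responder, wire


def secret_on_wire(shared, wire):
    """True only if the shared secret itself appears in a transmitted message (it should not)."""
    return any(value == shared for _, value in wire)


def derive_key(shared):
    """Never use g^xy raw; feed it to a PRF/KDF. SHA-256 stands in for IKE's prf here (assumption)."""
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()


if __name__ == "__main__":
    i, r, wire = run_exchange()
    print("group sane:", group_looks_sane())
    print("both ends agree:", i.shared == r.shared)
    print("secret transmitted:", secret_on_wire(i.shared, wire))
    print("session key:", derive_key(i.shared).hex())
```

Both ends arrive at the same `shared` value without it ever appearing in `wire`; that is the whole point of the exchange, and it is why nothing in IKE encrypts and ships g^xy. The range and subgroup checks in `receive_peer_public` are the caveat a practitioner wants: a peer (or an attacker in the path) sending 1, p-1 or another degenerate value would otherwise force a predictable secret.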
JamesLuther Thu, 02/19/2009 - 01:55


A lot of IKE/DH training material tries to simplify the process. Explaining everything that goes on can get quite complex. You can try looking at RFC2409 to get the full picture.

The material may be referring to the exchange of nonces. After the DH is set up, the two ends exchange nonces, which are then combined together with some other values (such as the PSK or certificate) and put through a hashing mechanism to create some new keys, which are then used for phase 2.
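The derivation JamesLuther describes, written out from RFC 2409 section 5 as an added example; it is not code from the post, the video or any vendor implementation. RFC 2409 defines prf as HMAC keyed with the negotiated hash, and HMAC-SHA1 is assumed here. Every input value (PSK, g^xy, nonces, cookies, SPI) is constructed for the example, and only the PSK and signature authentication variants of SKEYID are shown.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf = HMAC with the negotiated hash; HMAC-SHA1 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid(auth: str, psk: bytes, ni_b: bytes, nr_b: bytes, gxy: bytes) -> bytes:
    """SKEYID depends on the authentication method (RFC 2409 section 5)."""
    if auth == "psk":
        return prf(psk, ni_b + nr_b)      # SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    if auth == "sig":
        return prf(ni_b + nr_b, gxy)      # SKEYID = prf(Ni_b | Nr_b, g^xy)
    raise ValueError("only psk and sig authentication are shown here")


def derive_phase1(auth, psk, gxy, ni_b, nr_b, cky_i, cky_r):
    """Phase 1 keying: SKEYID_d seeds phase 2, SKEYID_a authenticates ISAKMP messages,
    SKEYID_e encrypts them. The nonces and cookies travel in the clear; psk and gxy never do."""
    s = skeyid(auth, psk, ni_b, nr_b, gxy)
    s_d = prf(s, gxy + cky_i + cky_r + b"\x00")
    s_a = prf(s, s_d + gxy + cky_i + cky_r + b"\x01")
    s_e = prf(s, s_a + gxy + cky_i + cky_r + b"\x02")
    return {"SKEYID": s, "SKEYID_d": s_d, "SKEYID_a": s_a, "SKEYID_e": s_e}


def quick_mode_keymat(skeyid_d, protocol, spi, ni_qm, nr_qm, length, gqm_xy=b""):
    """Phase 2 (quick mode) KEYMAT, RFC 2409 section 5.5:
    K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    K2 = prf(SKEYID_d, K1 | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b), ...
    KEYMAT = K1 | K2 | ... truncated to the length the transform needs. gqm_xy is non-empty only with PFS."""
    seed = gqm_xy + protocol + spi + ni_qm + nr_qm
    out, prev = b"", b""
    while len(out) < length:
        prev = prf(skeyid_d, prev + seed)
        out += prev
    return out[:length]


# Constructed sample inputs (not captured traffic).
PSK = b"constructed-preshared-key"
GXY = bytes(range(128))                      # stand-in for the 128-byte Oakley group 2 result
NI = bytes.fromhex("11" * 16)               # initiator nonce, sent in the clear
NR = bytes.fromhex("22" * 16)               # responder nonce, sent in the clear
CKY_I = bytes.fromhex("0102030405060708")   # ISAKMP header cookies, also in the clear
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
PROTO_ESP = b"\x03"                         # IPsec DOI protocol id for ESP
SPI = bytes.fromhex("c0ffee01")

if __name__ == "__main__":
    keys = derive_phase1("psk", PSK, GXY, NI, NR, CKY_I, CKY_R)
    for name, value in keys.items():
        print(f"{name:9s} {value.hex()}")
    print("ESP KEYMAT", quick_mode_keymat(keys["SKEYID_d"], PROTO_ESP, SPI, NI, NR, 36).hex())
```

Two things worth noticing when you run it. With pre-shared-key authentication, SKEYID itself depends only on the PSK and the public nonces, and g^xy enters at the SKEYID_d step; with signature authentication it is the other way round, g^xy is hashed under the nonces. Either way the nonces are public and what binds the keys to the peers is the secret material that never crossed the wire, so a peer with the wrong PSK derives a different SKEYID_a and fails the phase 1 hash check.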


