encryption (passwords)

Gumuz gumuz at looze.net
Thu Sep 5 15:19:41 CEST 2002


actually, i found a very good example for this at:
http://www.nyx.net/~awestrop/crypt/dh2.htm
it's a java applet

only thing i'm still puzzling with is how to apply this properly

"Paul Rubin" <phr-n2002b at NOSPAMnightsong.com> wrote in message
news:7xsn0pzcol.fsf at ruckus.brouhaha.com...
> "Gumuz" <gumuz at looze.net> writes:
> > although this is just a play-learn-project and security is not really an
> > issue, i'd like to include encryption in it as well to get experience in
> > this, too.
>
> If you want to learn programming cryptography, the book you want is
> "Applied Cryptography" by Bruce Schneier.  You might like to implement
> everything yourself rather than using a library.
>
> > Actually, I am trying to create a sort of simple instant messenger
> > server+client.
>
> I think this should use Diffie-Hellman key exchange to choose the
> decryption keys.  DH is a way for two people to agree on a key based
> on random parameters they each choose.  The traditional version goes:
>
>    Alice and Bob agree beforehand on public parameters g and P,
>    where P is a big prime number (like 300 digits) with certain
>    properties and g is a generator of Z//p.  If you don't understand
>    that, don't worry too much--there are standard values of g and P
>    that you can use.
>
>    To start talking to each other, Alice chooses a secret random number x,
>    and Bob chooses a secret random number y.  They do not reveal these
>    numbers to anyone.  Alice instead computes the number X = g**x mod P
>    and sends X to Bob.  Bob computes Y = g**y mod P and sends Y to Alice.
>    Computing these modular exponentials is trivial in python because
>    of Python's built-in long integers and its 3-argument pow function.
>    You can just say Y = pow(g,y,P).
>
>    Since Alice receives Y from Bob and knows x already, she can compute
>    K = Y**x mod P.  Notice Y**x mod P == (g**y)**x mod P = g**(yx) mod P.
>    Bob likewise can compute K = X**y mod P = (g**x)**y mod P = g**(xy) mod
P.
>    Since multiplication is commutative, xy==yx so both have found the same
K.
>    The coolness here is the computation required knowing at least one of
>    the secrets, x or y.  An eavesdropper knowing neither secret doesn't
>    have any easy way to find K.
>
>    At the end of the conversation, Alice and Bob should both erase their
>    secret values x, y, and K from computer memory.  That means the
>    conversation can never be recovered by a third party, even by forcing
>    Alice and Bob to reveal their passwords, turn over their computers,
etc.
>    The keys are gone forever, like burning a document.
>
> Note you will also have to protect against "man in the middle"
> attacks, and deal with some other subtleties, to make DH secure--the
> description above is just to sketch the process.  See Applied
> Cryptography for more info.





More information about the Python-list mailing list