
Recently I've been studying the Diffie-Hellman key exchange protocol, and I've noticed that basic Diffie-Hellman can be attacked by a Man-In-The-Middle attack. I've also read about Fixed Diffie-Hellman, which uses CAs (Certificate Authorities) to prevent MITM attacks.

I'm wondering if there are serious vulnerabilities related to Fixed Diffie-Hellman and, if there are, which attacks are used against the authenticated version of Diffie-Hellman.


1 Answer


One of the biggest issues of fixed Diffie-Hellman is the total lack of forward secrecy and less randomization. Lack of randomization makes it vulnerable to replay attacks, but randomization can be introduced by using nonces and using something like $KDF(masterkey, nonce1 \| nonce2)$ as the session key. Remember that the two sides will always share the same $masterkey$. But there is still no way to bring forward secrecy, because if even a single private key belonging to one of the parties gets compromised, all the communications by the said party, including past communications, become compromised.

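The two properties the answer describes, worked through in code as an added example (not from the original post): the static $masterkey$ that never changes between sessions, the nonce-based $KDF(masterkey, nonce1 \| nonce2)$ session key that defeats replay, and the missing forward secrecy, shown by re-deriving an old session key from a recorded transcript once one long-term private key has leaked. The group parameters, the choice of SHA-256 and HMAC-SHA256 as the hash and KDF, and all function names are assumptions made for this example.

```python
import hmac
import hashlib
import secrets

# Toy group parameters, constructed for illustration only (a 127-bit Mersenne
# prime with generator 3); real deployments use standardised groups of >= 2048 bits.
P = 2**127 - 1
G = 3


def keygen():
    """Long-term ("fixed") DH key pair: the same pair is reused across every session."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def master_key(own_priv, peer_pub):
    """Static DH: both sides always arrive at the same masterkey = H(g^ab mod p)."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def session_key(mk, nonce1, nonce2):
    """The answer's KDF(masterkey, nonce1 || nonce2); HMAC-SHA256 plays the KDF here."""
    return hmac.new(mk, nonce1 + nonce2, hashlib.sha256).digest()


def run_session(alice_priv, alice_pub, bob_priv, bob_pub, nonce_a, nonce_b):
    """One session with fresh nonces; returns (alice_key, bob_key), which must match."""
    k_alice = session_key(master_key(alice_priv, bob_pub), nonce_a, nonce_b)
    k_bob = session_key(master_key(bob_priv, alice_pub), nonce_a, nonce_b)
    return k_alice, k_bob


def recover_past_session(compromised_priv, peer_pub, nonce_a, nonce_b):
    """Why there is no forward secrecy: a recorded transcript (public keys and nonces)
    plus one later-leaked long-term private key yields the old session key again."""
    return session_key(master_key(compromised_priv, peer_pub), nonce_a, nonce_b)


if __name__ == "__main__":
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    k_a, k_b = run_session(a_priv, a_pub, b_priv, b_pub, n1, n2)
    assert k_a == k_b
    # Without the nonces every session would reuse master_key() verbatim (replayable).
    print("session key agreed:", k_a.hex())
    print("recovered later:   ", recover_past_session(a_priv, b_pub, n1, n2).hex())
```

Run it twice with the same key pairs and `master_key()` stays identical while the session keys change with the nonces; `recover_past_session()` shows that the nonces add freshness but no forward secrecy.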
