Questions tagged [key-exchange]
For questions relating to protocols for distributing public keys, and / or establishing session keys with another party. Examples of key exchange protocols include Diffie-Hellman and IKE.
304 questions
11
votes
2
answers
3k
views
What are the preferred ways to exchange public keys physically?
Suppose I have the privilege to being able to physically meet a person that I want to communicate with beforehand. Suppose the person and I have minimal trust --- it could be the first time we get to ...
- 213
0
votes
1
answer
84
views
What is the best way to ensure a secure communication between two client devices without access to internet, CA, or pre-shared keys
I'm trying to create an application that should allow two devices (two phones, two computers, or a phone and a computer) to verify each other in some way to later be able to securely connect to each ...
- 35
1
vote
1
answer
272
views
SSH: Do the public and private keys contain the ip address?
Question
Do the public and private keys contain the ip address?
Scenario
Suppose "Computer I" as client has a IP as 192.168.1.A and is generated for SSH purposes its respective pair of ...
- 219
3
votes
1
answer
362
views
Value of ECDH with ECIES
I am struggling to understand the value of ECIES in a offline message encryption scheme with shared static ECDH keys.
So if Bob and Alice each have a static public ECDH key stored in a directory.
Each ...
- 133
3
votes
2
answers
521
views
In practice, what are the identities in the Needham–Schroeder protocol?
In the Needham–Schroeder public-key protocol we have the identities A and B of Alice and Bob, respectively. The initial version of the protocol was vulnerable to a MitM attack where the fix consists ...
- 709
0
votes
2
answers
313
views
Is Symmetric Key Exchange over HTTPS safe?
I am auditing a webapplication that gives access to a financial backend. The web application provides the frontend in a HTTPS session properly encrypted, and after the client authenticating inside the ...
- 1
2
votes
1
answer
177
views
DHE key exchange with p value 257 bytes but a pubkey of 256 bytes
I came across a packet capture in Wireshark where p length = 257 bytes and pubkey length = 256 bytes. See the ServerKeyExchange snip below:
Diffie-Hellman Server Params
p Length: 257
p: ...
- 23
0
votes
0
answers
246
views
Encrypted messaging app using QR codes for key exchange
I remember seeing an encrypted messaging app a while ago that offered using QR codes to exchange encryption keys between the users. Of course, this only worked when the people met physically, but ...
- 11
0
votes
1
answer
388
views
Permanent Keys/Secrets in TLS 1.3
In TLS 1.3 (RFC8446), there are many secrets and keys. As far as I've understood, every certificate (usually only the server) has a long term key associated with it which is used with HKDF to generate ...
- 1
8
votes
1
answer
226
views
Anonymity in initial Key exchange in onion routing
Maybe I will be wrong, please correct me and at the same time answer my question. I know the keys are exchanged between client and Tor relays through circuit extension requests (other than first relay)...
- 91
1
vote
0
answers
829
views
Enabling ECDH KeyExchangeAlgorithm in Windows Schannel while disabling CBC based ciphersuites
On our Windows Servers, we have disabled the following key exchange algorithms in registry
SCHANNEL\KeyExchangeAlgorithms\ECDH
SCHANNEL\KeyExchangeAlgorithms\PKCS
This leaves us with only 2 ...
- 111
1
vote
2
answers
584
views
Can a VPN connection be detected (and get blocked) even after the key exchange happens
If the key exchange happens when using lets say Wireguard or any other protocols that use IKA, and the connection never drops, could the ISP still detect the VPN traffic using Deep Packet Inspection?
- 21
3
votes
1
answer
280
views
What is the right way to transfer public-private keypairs over intranet?
First asked on StackOverflow and referred to this board, here:
I have an embedded system (Netburner 5441x) that encodes public-private RSA keypairs into devices. I have ported OpenSSL into the system ...
- 33
0
votes
0
answers
880
views
IIS Crypto 3.2 not getting rid of Diffie-Hellman algorithms of less than 2048-bits
I'm trying to stop a server using Diffie Hellman key exchanges of less than 2048 bits, but I'm getting confusing results.
I've run
Get-TlsCipherSuite | Format-Table Name, Exchange, Cipher, Hash, ...
- 101
0
votes
1
answer
153
views
How can a client safely post/get a (symmetric) client key to/from a key distribution center?
If you look at the above Kerberos protocol's diagram, you can find that the protocol works on the basis that the (symmetric) client key initially exists on both the client node and the key ...
