It is used as key agreement protocol, aka exponential key agreement, which allows 2 users to exchange a secret key over an insecure medium without exchange prior secrets.
Key exchange is vulnerable to a man-in-the-middle attack
Normal
A ------------------------- B
MITM
A --------- M ----------- B
The main drawback is that DH does not authenticate both the parties.
For non-repudiation purpose, we will need to consider using digital signatures.
Reference: Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
No comments:
Post a Comment