How to improve the DH algorithm to make it resistant to man in the middle attacks

This is done by modifying their ciphertext as needed along the way, so that neither A nor B knows that they are sharing communication with C.

The disadvantage of the DH algorithm is that it does not provide any information about the identities of both parties. It is computationally intensive, so it is vulnerable to blocking attacks, where an adversary requests a large number of keys. The attacker spends a relatively large amount of computational resources to solve the useless power coefficients instead of doing the real work.

There is no way to prevent a repeat attack.

susceptible to man-in-the-middle attacks, where third party C plays the role of B when communicating with A; When communicating with B, it plays that both B and C negotiate a key with C, and then C can listen and pass the traffic.

diffie-hellman algorithm.

To initiate secure communication, both ends of the communication must first obtain the same shared key (master key), but the shared key cannot be sent to each other over the network, as this practice is highly susceptible.

The diffie-hellman algorithm is one of the earliest and most secure algorithms for key exchange. The basic working principle of the DH algorithm is that the two parties to the communication exchange publicly or semi-publicly some of the keys that are ready to be used to generate the key"Material data", after exchanging keys with each other, generated"Materials:", each end can generate an identical shared key.

At no time do the two parties exchange true keys.

Keys exchanged between the two parties to the communication are generated"Materials:", varying lengths,"Materials:"The longer the length, the stronger the generated key and the more difficult it is to decipher. In addition to key exchange, IPSec uses the DH algorithm to generate all other encryption keys. A digital signature must be borrowed to be secure enough.

I know it too, come and have a look.

The most effective way to defend against man-in-the-middle attacks is to join a third-party notary public, that is, to introduce a CA certification authority in the PKI system to provide authentication of public keys.

In fact, I admire the courage of the comrades of Xin'an Ban very much, just like Ding Mei last time, haha.

Xiao Yang, remember to change someone's student number next time you register, I'm embarrassed to say anything about you when you're so simple.

Shamefully hidden... Hidden... Hide... Respectfully by the Soft Workers Sightseeing Group

Xiao Yang is not authentic, he asked a question and was discovered, too two!!

202006 sightseeing group, what the headlines saw, how did you expose it, it is still a mystery. Hahaha.

I still haven't found Xiao Yang's student number....

How many points does the teacher give you at the end? Now it's an old hacker.

Dry some teacher, hahaha eat.

Sightseeing group, Xiao Yang, hahaha.

Hahahahahaha

The sightseeing group 2020 came to check in hahahahahahaha

Sightseeing tour from 2020 hahahaha.

Sightseeing, hahahahahaha.

Harbin group sightseeing group check-in, dripping

You've contracted me a morning of laughter, so do you have an answer you can share? Aha

Rub Yang Qiaoguo You're too 2 ......

Brother Hao: Passing by.

Yang Qiaoguo, next time you come up to check the answer, I will take your experimental results into consideration.

The first floor must be deceiving, and the second floor is not bad, but if you use hash, you lose one of the big advantages of DH, that is, the two sides don't need to keep the key, and you can randomly generate the amount of public and then exchange.

You can consider finding a trusted third party to make a certificate, provided that it is trustworthy and has his public key.

Both ends of the communication must first get the same shared key (master key.

The identity spoofing of the principle of SSL man-in-the-middle attack can be eliminated by using two-way authentication. We all know that it's because of SSL encryption, the hackers answered.

There is no way to use man-in-the-middle attacks. Imagine how high the risk of plaintext transmission would be if there was no SSL certificate for digital encryption? And man-in-the-middle attack techniques and implementations are much more difficult than directly stealing plaintext numbers, right?

Although thefts are common, it is impossible not to need security doors or police.

The effectiveness of the diffie-hellman key exchange algorithm depends on the difficulty of calculating discrete logarithms. In short, a discrete logarithm can be defined as follows: first, define the primordial root of a prime p, and produce all integer roots from 1 to p-1 to its powers, i.e., if a is a primordial root of the prime p, then the numerical value.

a mod p, a2 mod p, .ap-1 mod p

are distinct integers, and in some way make up all the integers from 1 to p-1.

For an integer b and a prime-root a of the prime p, the unique exponent i can be found such that.

b = ai mod p where 0 i p-1).

The exponent i is called the discrete logarithm or exponent of the base of a modulo p of b. This value is denoted as inda, p(b).

Based on this background knowledge, the diffie-hellman key exchange algorithm can be defined. The algorithm is described as follows:

1. There are two globally exposed parameters, a prime number q and an integer a, and a is a primitive root of q.

2. Suppose users A and B want to exchange a key, and user A chooses a random number xaname=na as the private key;

Power multiplication algorithm for large numbers.

int mul(int x,int r,int n)

int a=x;

int b=r;

int c=1;

while(b!=0)

if(b%2!=0)

b=b-1;

c=(c*a)%n;

elseb=b/2;

a=(a*a)%n;

return c;

Determine that the elements in the array are not equal (not equal is true).

bool isequalinarray(int *a,int n)

int flag=0;

for(int i=0;ifor(int j=i+1;jif(a[i]==a[j])

return false;

return true;

Seek the original element. void benyuan(int prime)

int *a=new int[prime];

coutfor(int j=0;ja[j]=mul(i,j+1,prime);

if(isequalinarray(a,prime))

cout