RSA vs Diffie-Hellman confusion

cryptmodcryptmod Member Posts: 8 ■□□□□□□□□□
RSA (generate the pub/pri keys) is asymmetric and more secure. With DH, a previously agreed symmetric key is used to secure the transmision, TLS or SSL3 uses a combination of both RSA and DH?icon_cheers.gif

Comments

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    DH isnt an encyption algorithm. It's a key-exchange algorithm. There is a good paper on it at the SANS web site here -
    http://www.sans.org/reading_room/whitepapers/vpns/review-diffie-hellman-algorithm-secure-internet-protocols_751
  • cryptmodcryptmod Member Posts: 8 ■□□□□□□□□□
    Paul78, If you don't know the answer to a question, I would prefer that you not answer it, I didn't ask for a link to SANS room either. Informing me that DH isnt an encyption algorithm is laughable at best considering the question. Please next time stop going off-key.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Sorry if you didnt find my post helpful. I can certainly offer more information if you can clarify your confusion. You stated that you believe that RSA is more secure and I am I simply pointing out that DH doesn't do the same thing as RSA. DH for example as describedin the paper doesnt authenticate the parties. So thats why RSA is used.
  • Kai123Kai123 Member Posts: 364 ■■■□□□□□□□
    Paul78, If you don't know the answer to a question, I would prefer that you not answer it, I didn't ask for a link to SANS room either. Informing me that DH isnt an encyption algorithm is laughable at best considering the question. Please next time stop going off-key.

    Diffie-Helloman is key-exchange algorithm. You can check out the link given for more information.
  • quinnyflyquinnyfly Member Posts: 243 ■■■□□□□□□□
    RSA is an encryption algorithm where as Diffie-Hellman is not. RSA is primarily used to sign and encrypt messages using asymmetric encryption (public/private key pair) with key lenghts between 1024 - 3072 bits long. Because of the processing overhead involved with RSA (it's the factoring of very large prime numbers), it is inherently slower than other asymmetric algorithms.

    Diffie-Hellman is a key exchange protocol, it was once prone to man-in-the-middle attacks because it had no authentication mechanism, now days it use STS (station-to-station) to provide two-way key authentication to authenticate both parties involved in the key exchange -thus thwarting MITM attacks.

    TLS and SSL work at lower levels of the OSI making them more secure, TLS supersedes SSL <SSL works at the Session layer> <TLS works at the Transport layer>. TLS and SSL use RSA, TLS also uses DH for key exchange, and to my knowledge, SSL does not.

    I am not certain if that is what you were looking for, but hope it helps anyway.
    The Wings of Technology
Sign In or Register to comment.