RSA vs Diffie-Hellman confusion

RSA (generate the pub/pri keys) is asymmetric and more secure. With DH, a previously agreed symmetric key is used to secure the transmision, TLS or SSL3 uses a combination of both RSA and DH?

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

paul78

DH isnt an encyption algorithm. It's a key-exchange algorithm. There is a good paper on it at the SANS web site here -
http://www.sans.org/reading_room/whitepapers/vpns/review-diffie-hellman-algorithm-secure-internet-protocols_751

cryptmod

Paul78, If you don't know the answer to a question, I would prefer that you not answer it, I didn't ask for a link to SANS room either. Informing me that DH isnt an encyption algorithm is laughable at best considering the question. Please next time stop going off-key.

paul78

Sorry if you didnt find my post helpful. I can certainly offer more information if you can clarify your confusion. You stated that you believe that RSA is more secure and I am I simply pointing out that DH doesn't do the same thing as RSA. DH for example as describedin the paper doesnt authenticate the parties. So thats why RSA is used.

Kai123

cryptmod@net-secured.com wrote: »

Paul78, If you don't know the answer to a question, I would prefer that you not answer it, I didn't ask for a link to SANS room either. Informing me that DH isnt an encyption algorithm is laughable at best considering the question. Please next time stop going off-key.

Diffie-Helloman is key-exchange algorithm. You can check out the link given for more information.

quinnyfly

RSA is an encryption algorithm where as Diffie-Hellman is not. RSA is primarily used to sign and encrypt messages using asymmetric encryption (public/private key pair) with key lenghts between 1024 - 3072 bits long. Because of the processing overhead involved with RSA (it's the factoring of very large prime numbers), it is inherently slower than other asymmetric algorithms.

Diffie-Hellman is a key exchange protocol, it was once prone to man-in-the-middle attacks because it had no authentication mechanism, now days it use STS (station-to-station) to provide two-way key authentication to authenticate both parties involved in the key exchange -thus thwarting MITM attacks.

TLS and SSL work at lower levels of the OSI making them more secure, TLS supersedes SSL <SSL works at the Session layer> <TLS works at the Transport layer>. TLS and SSL use RSA, TLS also uses DH for key exchange, and to my knowledge, SSL does not.

I am not certain if that is what you were looking for, but hope it helps anyway.