Why should a key exchange protocol (such as in TLS or IKE) use Diffie Hellman? Why not just use RSA? For example: Alice picks a random session key, signs it, encrypts it with Bob's public key, and sends it to Bob. Why introduce Diffie-Hellman? What does DH add?
Asked
Active
Viewed 4,494 times
1 Answers
12
What does DH add?
Perfect Forward Secrecy.
That is, suppose you have a secure session with the server Bob, and then you close the session down. Then, someone steals the server (or serves a warrant to the owner). If you use RSA to transport the random session key, well, the server still has the RSA private key, and so they'll be able to decrypt your session.
In contrast, assuming that the server and the client zeroizes the DH private values at the end of negotiation, they can't - no one is able to rederive the session keys, even if they grabbed both the client and the server.
Now, it's possible to do this with RSA (by zeroizing the old RSA private key, and generating a fresh one periodically); however generating RSA key pairs is expensive, and so no one does that - they use DH instead.
poncho
- 154,064
- 12
- 239
- 382