Score:1

Can Fixed–Diffie–Hellman be attacked?


Recently I've been studying the Diffie-Hellman key exchange protocol, and I've noticed that basic Diffie-Hellman can be attacked by a Man-In-The-Middle attack. I've also read about Fixed Diffie-Hellman, which uses CAs (Certificate Authorities) to prevent MITM attacks.

I'm wondering whether there are serious vulnerabilities related to Fixed Diffie-Hellman and, if there are, which attacks are used against the authenticated version of Diffie-Hellman.

knaccc: Fixed Diffie-Hellman is secure, but does not offer forward secrecy.
kelalaka: [Why Static RSA and Diffie-Hellman cipher suites have been removed in TLS 1.3?](https://crypto.stackexchange.com/a/67606/18298)
Score:3

One of the biggest issues of fixed Diffie-Hellman is the total lack of forward secrecy and less randomization. Lack of randomization makes it vulnerable to replay attacks, but randomization can be introduced by using nonces and using something like $KDF(masterkey, nonce_1 \| nonce_2)$ as the session key. Remember that the two sides will always share the same $masterkey$. But there is still no way to provide forward secrecy, because if even a single private key belonging to one of the parties gets compromised, all the communications of that party, including past communications, become compromised.
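The two properties the answer describes, a per-session key derived as $KDF(masterkey, nonce_1 \| nonce_2)$ on top of a master key that never changes, and the resulting absence of forward secrecy, can be seen in a few dozen lines. The following is an added illustration, not code from the question or answer above: it uses a toy 127-bit group and an HMAC-based KDF (both constructed here for the demonstration, not a standardized choice), and the function names `keygen`, `master_key`, `session_key`, `run_session`, `replayed_session_key` and `recover_past_key` are this example's own.

```python
"""Fixed (static) Diffie-Hellman with nonce-keyed session keys.

Added example, not from the original post. It shows:
  1. both parties always derive the same master key from their static keys;
  2. mixing fresh nonces into a KDF gives a distinct key per session, so a
     replayed transcript no longer keys the same session;
  3. there is still no forward secrecy: a later-compromised long-term
     private key plus the recorded nonces recomputes every past session key.
"""
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only: the Mersenne prime 2^127-1
# and a small generator. Real deployments use standardized groups of
# 2048 bits or more (e.g. RFC 7919) with certified public keys.
P = (1 << 127) - 1
G = 3


def keygen():
    """Long-term (static) key pair; in fixed DH the public half is certified by a CA."""
    priv = secrets.randbelow(P - 2) + 1          # uniform in 1 .. P-2
    return priv, pow(G, priv, P)


def master_key(my_priv, their_pub):
    """Static DH secret g^(ab) mod p, hashed. Identical in every session."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def session_key(masterkey, nonce1, nonce2):
    """KDF(masterkey, nonce1 || nonce2): HKDF-style extract-then-expand with HMAC-SHA256.

    The concatenated nonces act as the salt, the master key as the input keying material.
    """
    prk = hmac.new(nonce1 + nonce2, masterkey, hashlib.sha256).digest()
    return hmac.new(prk, b"session key" + b"\x01", hashlib.sha256).digest()


def run_session(a_priv, a_pub, b_priv, b_pub):
    """One session between two parties holding each other's certified static keys.

    Each side contributes a fresh nonce; both derive the same 32-byte session key.
    Returns the transcript an observer would record plus the key the parties share.
    """
    nonce_a = secrets.token_bytes(16)
    nonce_b = secrets.token_bytes(16)
    key_a = session_key(master_key(a_priv, b_pub), nonce_a, nonce_b)
    key_b = session_key(master_key(b_priv, a_pub), nonce_a, nonce_b)
    assert key_a == key_b, "both sides must derive the same session key"
    return {"nonce_a": nonce_a, "nonce_b": nonce_b, "key": key_a}


def replayed_session_key(b_priv, a_pub, replayed_nonce_a):
    """What the honest responder derives if an old initiator nonce is replayed to it.

    Because the responder still picks a fresh nonce, the derived key differs from
    the recorded session's key, so old ciphertexts are not accepted under it.
    """
    fresh_nonce_b = secrets.token_bytes(16)
    return session_key(master_key(b_priv, a_pub), replayed_nonce_a, fresh_nonce_b)


def recover_past_key(compromised_priv, peer_pub, transcript):
    """Why there is no forward secrecy: the master key never changes, and the
    nonces were sent in the clear, so a long-term private key obtained later
    reproduces the session key of any recorded past session."""
    mk = master_key(compromised_priv, peer_pub)
    return session_key(mk, transcript["nonce_a"], transcript["nonce_b"])


if __name__ == "__main__":
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    s1 = run_session(alice_priv, alice_pub, bob_priv, bob_pub)
    s2 = run_session(alice_priv, alice_pub, bob_priv, bob_pub)
    print("same master key both sides:", master_key(alice_priv, bob_pub) == master_key(bob_priv, alice_pub))
    print("session keys differ across runs:", s1["key"] != s2["key"])
    print("replayed nonce gives a new key:", replayed_session_key(bob_priv, alice_pub, s1["nonce_a"]) != s1["key"])
    print("past key recoverable from a compromised static key:", recover_past_key(alice_priv, bob_pub, s1) == s1["key"])
```

The contrast with ephemeral DH is exactly the last line: with per-session exponents that are erased afterwards, the recorded nonces and a long-term signing key give nothing to recompute, which is why the linked TLS 1.3 answer explains the removal of static suites.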
