🚩
Practical CTF
BlogContact
  • 🚩Home - Practical CTF
  • 🌐Web
    • Enumeration
      • Finding Hosts & Domains
      • Masscan
      • Nmap
      • OSINT
    • Client-Side
      • Cross-Site Scripting (XSS)
        • HTML Injection
        • Content-Security-Policy (CSP)
      • CSS Injection
      • Cross-Site Request Forgery (CSRF)
      • XS-Leaks
      • Window Popup Tricks
      • Header / CRLF Injection
      • WebSockets
      • Caching
    • Server-Side
      • SQL Injection
      • NoSQL Injection
      • GraphQL
      • XML External Entities (XXE)
      • HTTP Request Smuggling
      • Local File Disclosure
      • Arbitrary File Write
      • Reverse Proxies
    • Frameworks
      • Flask
      • Ruby on Rails
      • NodeJS
      • Bun
      • WordPress
      • Angular
    • Chrome Remote DevTools
    • ImageMagick
  • 🔣Cryptography
    • Encodings
    • Ciphers
    • Custom Ciphers
      • Z3 Solver
    • XOR
    • Asymmetric Encryption
      • RSA
      • Diffie-Hellman
      • PGP / GPG
    • AES
    • Hashing
      • Cracking Hashes
      • Cracking Signatures
    • Pseudo-Random Number Generators (PRNG)
    • Timing Attacks
    • Blockchain
      • Smart Contracts
      • Bitcoin addresses
  • 🔎Forensics
    • Wireshark
    • File Formats
    • Archives
    • Memory Dumps (Volatility)
    • VBA Macros
    • Grep
    • Git
    • File Recovery
  • ⚙️Reverse Engineering
    • Ghidra
    • Angr Solver
    • Reversing C# - .NET / Unity
    • PowerShell
  • 📟Binary Exploitation
    • ir0nstone's Binary Exploitation Notes
    • Reverse Engineering for Pwn
    • PwnTools
    • ret2win
    • ret2libc
    • Shellcode
    • Stack Canaries
    • Return-Oriented Programming (ROP)
      • SigReturn-Oriented Programming (SROP)
      • ret2dlresolve
    • Sandboxes (chroot, seccomp & namespaces)
    • Race Conditions
  • 📲Mobile
    • Setup
    • Reversing APKs
    • Patching APKs
    • HTTP(S) Proxy for Android
    • Android Backup
    • Compiling C for Android
    • iOS
  • 🌎Languages
    • PHP
    • Python
    • JavaScript
      • Prototype Pollution
      • postMessage Exploitation
    • Java
    • C#
    • Assembly
    • Markdown
    • LaTeX
    • JSON
    • YAML
    • CodeQL
    • NASL (Nessus Plugins)
    • Regular Expressions (RegEx)
  • 🤖Networking
    • Modbus - TCP/502
    • Redis/Valkey - TCP/6379
  • 🐧Linux
    • Shells
    • Bash
    • Linux Privilege Escalation
      • Enumeration
      • Networking
      • Command Triggers
      • Command Exploitation
      • Outdated Versions
      • Network File Sharing (NFS)
      • Docker
      • Filesystem Permissions
    • Analyzing Processes
  • 🪟Windows
    • The Hacker Recipes - AD
    • Scanning/Spraying
    • Exploitation
    • Local Enumeration
    • Local Privilege Escalation
    • Windows Authentication
      • Kerberos
      • NTLM
    • Lateral Movement
    • Active Directory Privilege Escalation
    • Persistence
    • Antivirus Evasion
    • Metasploit
    • Alternate Data Streams (ADS)
  • ☁️Cloud
    • Kubernetes
    • Microsoft Azure
  • ❔Other
    • Business Logic Errors
    • Password Managers
    • ANSI Escape Codes
    • WSL Tips
Powered by GitBook
On this page
  • Description
  • Security
  • Attacks
  • Computing manually
  • G only has small factors
  1. Cryptography
  2. Asymmetric Encryption

Diffie-Hellman

The Diffie-Hellman Key Exchange uses asymmetric encryption to set up a shared secret for symmetric encryption

PreviousRSANextPGP / GPG

Last updated 2 months ago

Description

Symmetric encryption like AES requires a Shared Secret from both parties to be able to communicate securely across a Public Channel where messages can be intercepted or altered. Asymmetric on the other hand just requires both parties to have their own keypair, but it is very slow to compute in comparison to symmetric encryption. The Diffie-Hellman Key Exchange solves this problem by utilizing an asymmetric scheme to create a shared secret that can then be used for symmetric encryption.

Performing this algorithm is pretty simple. A prime number p and generator g are chosen (often some well-known numbers), and Alice and Bob both have their own private key. Using the public g and p, they both compute their public key, which is shared across the Public Channel. When the other receives their public key, they use their private key to compute the final secret.

In summary, Alice's private key + Bob's public key == Bob's private key + Alice's public key.

Security

Attacks

There are many different attacks for the Diffie-Hellman key exchange, especially if you have some control over the numbers that computations happen on. I recommend looking up "diffie hellman ctf" in your favorite search engine to find some practical examples.

After breaking the logic and finding a private key, you can often just calculate the shared secret yourself and use it to decrypt whatever messages were encrypted.

Computing manually

R = IntegerModRing(p)  # Handle modular arithmetic
a = discrete_log(R(A), R(g))  # Compute a (Alice) from A and g mod p
b = discrete_log(R(B), R(g))  # Compute b (Bob)   from B and g mod p

G only has small factors

The order in multiplication does not matter, meaning Alice's ga∗bg^{a*b}ga∗b will be the same as Bob's gb∗ag^{b*a}gb∗a. All without ever showing the private a, b, or the secret.

The difficulty comes from knowing A=gamod  pA = g^a \mod pA=gamodp, but being unable to compute a from it. It is known as the and if an efficient algorithm is ever found, it would break a lot of cryptography.

output=baseexponentmod  pexponent=logbase(output)mod  p\begin{split} output &= base^{exponent} \mod p \\ { }\\ {exponent} &= log_{base}(output) \mod p \end{split}outputexponent​=baseexponentmodp=logbase​(output)modp​

Read this about security for some more information, and a fun practical attack against the internet as we know it.

An important piece here is the group order GGG of the modulus p, which is normally p-1. But if this p-1 value can be factored into small primes, this greatly reduces the strength and makes it vulnerable to Pohlig–Hellman algorithm (see G only has small factors). If it helps, read to understand how GGG is calculated in Diffie-Hellman.

A simple approach to solving the Discrete Logarithm using a meet-in-the-middle algorithm. It tries to compute private key a from a known public key A, g and p. A requirement for this algorithm is that the group order GGG explained above is small.

is a useful tool in mathematics that has many features and built-in algorithms. One of which is the function that has several common algorithms implemented that it will choose from automatically. When dealing with Diffie-Hellman and non-standard generation of p, it's a good idea to try throwing it into this function to find out if it is easily breakable:

Normally, the group order GGG has a large prime factor keeping it safe, but if this is not the case (eg. created from many small primes), can be used to efficiently perform the Discrete Logarithm. The discrete_log() function from sage will also try this method automatically if it finds the group order is composite instead of prime, so the same method as above can be used.

For a simple explanation of the idea behind this attack, .

🔣
Wikipedia section
sage
discrete_log
read this example
Discrete Logarithm Problem
this answer
Pohlig–Hellman algorithm
Diffie-Hellman Key Exchage: Shared Secret is computed by Alice and Bob with a Public Channel