[OTR-users] Re: Perfect Forward Secrecy

Adam Zimmerman adam_zimmerman at ezrs.com
Mon Mar 28 19:31:10 EST 2005


OK, let me try. I'm only a first year comp-sci major, so this could be
horribly wrong.

I don't quite understand the math describing *why* it works. However, the
math that allows 2 people to come up with the same key is quite simple.

Alice chooses a random number a. Bob chooses b. g and p are prechosen,
and can be public. Alice computes g^a mod p, and Bob does g^b mod p.
These are their public values.

Alice takes Bob's public key, and combines it with her own, by
computing: (g^b)^a mod p (remember a is Alice's private key). Bob does
likewise, (g^a)^b mod p.

Since (x^y)^z = x^(yz), Alice and Bob have both computed g^(ab) (mod p,
which doesn't change anything), which is their shared key.

Like I said, I'm not sure *why* this is secure, but there's the math for
you. Hope that helped.

On Mon, 2005-03-28 at 18:47 -0500, Jason Cohen wrote:
> I actually have read the paper, and OTR does indeed seem very clever. I
> suppose my problem is that I don't fully understand how Diffie Hellman
> Agreement can do what it does. I can understand RSA/DSA which creates a
> public/private keypair on one machine and then distributes the public
> key (I understand how PGP works), but the concept of realtime key
> generation over an insecure network is baffling. I suppose it would be
> nice if I could better understand the math involved. Could someone
> explain how Diffie Hellman works to a social-science undergraduate? It
> would be greatly appreciated.
> 
> Jason

--
Adam Zimmerman <adam_zimmerman at ezrs.com>

CREATIVITY  - http://tinyurl.com/3oxgw
ALWAYS      - http://randomfoo.net/oscon/2002/lessig/
BUILDS      - http://www.theopencd.org/
ON THE PAST - http://free-culture.org/freecontent/
--

 Programmers do it bit by bit.
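
Added example, not part of the original message: the exchange described above, written in Python. The parameters `P` and `G` are toy-sized values constructed for the demo, and the names `keypair`, `shared_key` and `exchange` are illustrative. It goes slightly beyond the message by range-checking the peer's public value and hashing the shared secret into a fixed-length key.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this demo (assumption, not from the
# thread). Far too small for real use; deployments use a standardized group.
P = 2**127 - 1   # a known Mersenne prime
G = 3


def keypair():
    """Pick a random private exponent x and compute the public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def shared_key(own_priv, peer_pub):
    """Combine our private exponent with the peer's public value."""
    # Reject out-of-range and degenerate values (0, 1, p-1): they would make
    # the "shared secret" predictable to anyone watching the exchange.
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, own_priv, P)          # (g^b)^a mod p == g^(ab) mod p
    # Hash the group element to obtain a fixed-length symmetric key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Run one exchange; return both derived keys, the wire view, and the privates."""
    a, A = keypair()                             # Alice
    b, B = keypair()                             # Bob
    wire = {"g": G, "p": P, "A": A, "B": B}      # everything an eavesdropper sees
    return shared_key(a, B), shared_key(b, A), wire, (a, b)


if __name__ == "__main__":
    k_alice, k_bob, wire, _ = exchange()
    print("keys match:", k_alice == k_bob)
    print("sent in the clear:", sorted(wire))
    # Fresh exponents per session give an unrelated key each time.
    print("new session differs:", exchange()[0] != k_alice)
```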
