# Diffie-Hellman – PART 2/2

Let’s take a real example of the DHKE and to figure out how to generate and exchange keys securely between two parties.

1. Choose a large prime p.
2. Choose a primitive root g of p.
3. Publish p and g.

Alice and Bob must agree on the values of p and g; (where g for example is 2 or 5).

Find the attacked PowerPoint slides for a dhke-example.

In conclusion, the DHKE provides both parties to know (k = gAB mod p). Meanwhile, Oscar knows (p, g, gA mod p and gB mod p), which is not enough to compute (gAB mod p), unless Oscar computes the discrete logarithm of (gA mod p) or (gB mod p) to find either A or B.

Therefore, the security of DHKE depends on the difficulty of the discrete logarithm problem.

The most common problem that occur with DHKE that it is susceptible to Man-In-The-Middle (MITM) attack, where both parties (Alice and Bob) believe that they share a secret key with each other, whereas they share a secret key with Oscar via MITM attack. However, it is possible to mitigate/thwart the MITM attack by implementing Digital Signature when exchanging the value.

Digital Signature is a browser technique that defend against MITM by doing the following:

• Digital signature on exchanged values.
• Alice signs gA mod p, Bob signs gB mod p.
• This proves that it was they who generated these values.

Note: modern browsers use Diffie-Hellman to communicate with websites (https://&#8230;).

Find the attacked PowerPoint slides for more information about the mitm-attack.

 This link shows which algorithms your browser supports, for example DHE-RSA Is for key exchange AES128 Is for symmetric encryption (See SK lecture) SHA Is for Message Authentication (See next lecture) DHE-RSA Diffie-Hellman Ephemeral with RSA digital signatures