StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POClient-side encryption over HTTP with Diffie-Hellman Key Exchange and AES
primarykey
Id
9833527
data
AcceptedAnswerId
9833722
AnswerCount
3
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-03-23T02:50:05.420
FavoriteCount
4
LastActivityDate
2014-03-28T13:22:08.903
LastEditDate
2012-03-23T06:14:03.717
LastEditorUserId
479947
OwnerUserId
479947
ParentId
0
PostTypeId
1
Score
7
ViewCount
11122
LastEditorDisplayName
text
Body
After watching a YouTube video on the <a href="http://www.youtube.com/watch?v=3QnD2c4Xovk">Diffie-Hellman Key Exchange</a>, I wanted to try an implementation in JavaScript (Atwood's law). I sketched up an cipher on Node.js with the following rules: <ul> <li>Step 1: Client and server agree on a shared key: <ul> <li>Client & server start with a 512bit prime public key pK</li> <li>Client generates a 512bit prime private key kC and sends powMod(3, kC, pK)</li> <li>Server generates a 512bit prime private key kS and sends powMod(3, kS, pK)</li> <li>Client & Server use powMod(response, privatekey, pK) as the shared key</li> </ul></li> <li>Step 2: Communication <ul> <li>Before a client sends data it is encrypted with the shared key using the Stanford Javascript Crypto Library (256bit AES, HMAC authentication, PBKDF2 password strengthening, and CCM authenticated-encryption.)</li> <li>Once the server decrypts the data with the shared key, it generates a new 512bit prime private key and sends it as a SJCL encrypted response.</li> <li>The client and server switch to a new shared key using powMod(3, prevSharedKey, newPrivKey)</li> </ul></li> </ul> Now I have a few questions.. How secure would such a system be in comparison with HTTPS or other algorithms? What are the weakest points of such a system? In terms of security / practicality, would it be better to use 1024 bit keys for stronger security? Are the HMAC/PBKDF2/CCM options overkill? Is it worth modulating the shared key? Thanks for reading!
Tags
<javascript><node.js><encryption><aes><diffie-hellman>
Title
Client-side encryption over HTTP with Diffie-Hellman Key Exchange and AES
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USarby
UserOwnerUserId
1. USarby
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POClient-side encryption over HTTP with Diffie-Hellman Key Exchange and AES
 UserUserId
 USamar
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POClient-side encryption over HTTP with Diffie-Hellman Key Exchange and AES
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POClient-side encryption over HTTP with Diffie-Hellman Key Exchange and AES
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.