0 / 16 flipped
What is the key exchange problem?
The chicken-and-egg challenge: to communicate securely you need a shared key, but to share the key securely you need to already be communicating securely. Modern cryptography solves this without a physical courier.
What is out-of-band key exchange?
Distributing a cryptographic key through a separate channel from the network being secured β telephone, physical courier, or in-person meeting. Highly secure but cannot scale to internet-scale connections.
What is in-band key exchange?
Exchanging a key over the same network being secured. Uses asymmetric encryption to protect the symmetric session key during transmission. The standard method for TLS/HTTPS β fully automated and scalable.
What is a session key?
A temporary symmetric encryption key used for one communication session. Generated fresh, used during the session, then discarded. If compromised, only that single session's data is exposed.
What does "ephemeral" mean in the context of keys?
Temporary β generated for one-time use and deleted after the session. Ephemeral keys are the mechanism that achieves forward secrecy. DHE and ECDHE both use ephemeral keys.
What is forward secrecy?
The property that compromise of a long-term key does not expose past session keys. Achieved via ephemeral key exchange (DHE/ECDHE). Even if an attacker later steals the server's private key, previously recorded sessions cannot be decrypted.
What is Diffie-Hellman?
A key exchange algorithm where both parties independently compute the same shared secret without transmitting that secret. Alice uses Bob's public value + her private value; Bob uses Alice's public value + his private value. Both arrive at the same result.
What does a key exchange algorithm do (vs. encrypt or hash)?
It establishes a shared symmetric key between two parties. It does not encrypt data, does not hash data. It is purely a mathematical process for deriving a common secret that can then be used as an encryption key.
What is a Pre-Shared Key (PSK)?
A symmetric key distributed through out-of-band means before communication begins. Both parties know the key in advance. Common example: WPA2 Wi-Fi password. Simple but requires secure prior distribution β does not scale to the open internet.
What is the TLS handshake?
The negotiation at the start of a TLS connection: server sends certificate, client verifies identity, both establish a shared symmetric session key using asymmetric crypto or Diffie-Hellman, then switch to symmetric encryption for the actual data.
Why is asymmetric encryption used for key exchange but not bulk data?
Asymmetric encryption is computationally expensive β too slow for encrypting large data streams. It is used only for the key exchange phase (brief). Symmetric encryption (AES) is used for the actual data because it is orders of magnitude faster.
What is DHE?
Diffie-Hellman Ephemeral β a variant of DH where a new DH key pair is generated for every session. Provides forward secrecy. Slower than static DH because keys are regenerated each connection, but ECDHE is preferred for better performance.
What is ECDHE?
Elliptic Curve Diffie-Hellman Ephemeral β DHE using elliptic curve math. Provides the same forward secrecy as DHE with smaller key sizes and better performance. The default key exchange in TLS 1.3 β all TLS 1.3 cipher suites use ECDHE.
What is the difference between static DH and ephemeral DH?
Static DH reuses the same key pair for every session β no forward secrecy. Ephemeral DH (DHE) generates a new key pair for each session β provides forward secrecy. TLS 1.3 removed static DH entirely, requiring ephemeral variants.
What two properties must a session key have?
1. Unpredictable β generated from a truly random source, not something an attacker could guess. 2. Ephemeral β changed frequently (ideally per session), so compromise of one key exposes only that session's data.
How does in-band key exchange prevent eavesdroppers from learning the session key?
The session key is encrypted with the server's public key before transmission. An eavesdropper who intercepts it cannot decrypt it without the server's private key, which is never transmitted. The plaintext session key never crosses the network.