Skip to content
{{ message }}

Instantly share code, notes, and snippets.

# tylerkerr/toy-dh.py

Created Mar 1, 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
 #!/usr/bin/env python3 # toy diffie-hellman key exchange. from random import SystemRandom p = 0x00964738809dbecd4bcb9ba1d18de0f5a6fbd595383c2dbe460f8dfd6dea62d2a6bca4016806c788e89872e888137d767030c72a17ac7d6cc33e5b44a9c17ad32412656ac0770829412b502dc6010545cc26043b55bbccf7946de94c0a4c1c0386a255d9101a235e0427aefb003cc7a6e64c0860349fc6e220fc7fef110a60ad727e6af317cefbeab4216e0f76dadb816cfdf2cd90549340dc7eef977a7c3133f854088b0390a4d55d6244bc2f8f532401f6d224379b475fd1e30e4de0e52fba9273b742773dcea2c427804d3273d2f2cbcfb4d5deeb80c05282563a37777cabb4c0de696f41f622f6e59b613925ba6ec21b5b380d42f36aa6997fb6f4efcc5b4b print("safe prime p = %s" % format(p, 'x')) # p is a 2048 bit safe prime - "safe" meaning (p-1)/2 is also prime g = 2 print("generator g = %s" % g) # 2 is a generator of the group of order p # g and p are the "parameters", and are provided by the server (public knowledge). a = SystemRandom().randrange(pow(2, 256)) print("random secret a = %s" % format(a, 'x')) # alice picks a random 256-bit secret "a" b = SystemRandom().randrange(pow(2, 256)) print("random secret b = %s" % format(b, 'x')) # bob picks a random 256-bit secret "b" ga = pow(g, a, p) print("\ng ^ a mod p = %s" % format(ga, 'x')) # alice calculates g ^ a mod p and sends this in the clear to bob gb = pow(g, b, p) print("g ^ b mod p = %s" % format(gb, 'x')) # bob calculates g ^ b mod p and sends this in the clear to alice alicepremaster = pow(gb, a, p) print("\nalice derives premaster secret via (g^b)^a mod p: %s" % format(alicepremaster, 'x')) # alice derives g^ab mod p via (g^b)^a mod p bobpremaster = pow(ga, b, p) print("bob derives premaster secret via (g^a)^b mod p: %s" % format(bobpremaster, 'x')) # bob derives g^ab mod p via (g^a)^b mod p assert alicepremaster == bobpremaster # these premaster secrets will be identical, but deriving them from what was sent over the wire (g, p, g^a, g^b) is an intractable problem print("\nsecrets match, and can be used to derive a session key for symmetric encryption")
to join this conversation on GitHub. Already have an account? Sign in to comment