Chapter 33: Encryption Keys
396 Section IX: Management Security
A Diffie-Hellman algorithm requires more processing overhead than RSA-
based key exchange schemes, but it does not need the initial exchange of
public keys. Instead, it uses published and well tested public key values.
The security of the Diffie-Hellman algorithm depends on these values.
Public key values less than 768 bits in length are considered to be
insecure.
A Diffie-Hellman exchange starts with both parties generating a large
random number. These values are kept secret, while the result of a public
key operation on the random number is transmitted to the other party. A
second public key operation, this time using the random number and the
exchanged value, results in the shared secret. As long as no other party
knows either of the random values, the secret is safe.