Computer Science English: Chinese-English Parallel Text

Chongqing University of Posts and Telecommunications
Specialized English Comprehensive Assignment

Topic: Chapter 8, Public Key Algorithms: Diffie-Hellman
School: School of Computer Science
Major: Computer Science and Technology
Class: 3110703
Student ID: 07600321
Student name: Yin Biao
Instructor: Zheng Wu
Grade:
Date completed: December 2010

Original text for translation (189-190)

Now that parameters have been generated and received by the two peers, each peer must generate a key pair and exchange their public keys. Remember that the private key must not be shared at all. Once this is done, each peer can independently compute the shared secret, and the algorithm will have done its job. With authenticated Diffie-Hellman, the public/private key pairs can persist beyond usage for a single key-agreement. In these cases, we must be wary of a special class of attack against Diffie-Hellman, which is discussed at the end of this section.

OpenSSL provides the function DH_generate_key for generating public and private keys. It requires as its only argument a DH object that has the parameters, p and g, filled in. If the keys are generated successfully, the return from the function will be nonzero. If an error occurs, the return will be zero.

Once the keys have been generated successfully, each peer must exchange their public key with the other peer. The details of how to exchange the value of the public key vary depending on the medium that is being used, but in a typical case in which the communication is taking place over an established TCP connection, the functions BN_bn2bin and BN_bin2bn will once again work for the exchange of the DH object's pub_key data member.

With the parameters and public key now exchanged, each party in the exchange can use his own private key and the peer's public key to compute the shared secret using the function DH_compute_key.

    int DH_compute_key(unsigned char *secret, BIGNUM *pub_key, DH *dh);

    secret   A buffer that will be used to hold the shared secret. It must be allocated by the caller and should be big enough to hold the secret. The number of bytes required to hold the secret can be determined with a call to DH_size, passing the DH object as the only argument.
    pub_key  The peer's public key.
    dh       The DH object that contains the parameters and the caller's private key.

After the shared secret is computed, the DH object is no longer needed unless more secrets will be generated and exchanged. It can be safely destroyed using the DH_free function.

In certain cases, Diffie-Hellman can be subject to a type of attack known as a small-subgroup attack. This attack results in a reduction of the computational complexity of brute-forcing the peer's private key value. Essentially, a small-subgroup attack can result in the victim's private key being discovered. There are several different methods of protecting Diffie-Hellman against this type of attack. The simplest method is to use ephemeral keying. If both parties stick to ephemeral keying and use a separate method of authentication, small-subgroup attacks are thwarted. This isn't always feasible, however, mostly due to computational expense. If static keys will be used, two simple mathematical checks can be performed on the public key received from a peer to ensure these attacks aren't possible. If the key passes both tests, it's safe to use. The first test verifies that the supplied key is greater than 1 and less than the value of the p parameter. The second test computes y^q mod p, in which y is the key to test and q is another large prime. If the result of this operation is 1, the key is safe; otherwise, it is not. The q parameter is not generated by OpenSSL even though there is a placeholder for it in the DH structure. An algorithm for generating q can be found in RFC 2631. If you're interested in the other methods or more detailed information on the attack, we recommend that you read RFC 2785.

When we began our discussion of Diffie-Hellman, we mentioned that it provides key agreement and authentication. Use of the authentication features of this protocol is not very common; thus, pairing Diffie-Hellman with another algorithm for authentication is often done. The threat is that mistakenly leaving out authentication can lead to susceptibility to man-in-the-middle attacks. To execute such an attack, the attacker sits in between two hosts that are trying to communicate and intercepts all of the messages. For example, suppose that Alice and Bob plan to use Diffie-Hellman to make a shared secret. Charlie could intercept all messages from Alice to Bob and all messages from Bob to Alice. From this position, Charlie can agree upon a key with Alice and a different key with Bob. When the attacker receives a message from Alice, he decrypts it with the key he negotiated with her and reads the message. He can then encrypt the message using the key he negotiated with Bob and pass it along to him. Alice and Bob will believe that they're communicating securely. They'll be completely unaware that Charlie is eavesdropping and worse, possibly even altering their messages, inserting forged messages, or not passing the messages along at all.

To alleviate this problem, Diffie-Hellman should always be used with some method of authentication, most commonly from another algorithm. This is accomplished by authenticating the messages containing public values for the Diffie-Hellman agreement. Using signatures, each party would exchange their public keys to use for signing before the conversation begins, and then sign the public value before sending it. The details will be explained in the following section.

8.2 Diffie-Hellman

The Diffie-Hellman algorithm was the first public key algorithm ever invented. Introduced in 1976 by Whitfield Diffie and Martin Hellman, it is a simple algorithm that allows two parties to agree upon a key using an unsecured channel. In other words, it allows a shared secret to be created. The process is sometimes referred to as key exchange, but with Diffie-Hellman, it is more accurately called key agreement.

The primary use of Diffie-Hellman is shared-secret negotiation. The algorithm itself can be made to provide for authentication, but OpenSSL doesn't include any high-level interfaces for using these features, so they must be implemented by the application if they're desired. For this reason, most OpenSSL applications that use this algorithm will also use another for authentication. For our purposes, we will discuss Diffie-Hellman mainly from the perspective of key agreement. Interested readers should refer to RFC 2631 for more information on using it for authentication. Diffie-Hellman guarantees a shared secret will be created that is suitable to use as the key to a symmetric algorithm. Failing to provide authentication through some other means, either with authenticated extensions to the implementation or through use of another algorithm such as DSA, leaves the protocol susceptible to man-in-the-middle attacks. We'll discuss the details of this type of attack with regard to Diffie-Hellman toward the end of this section.

The low-level interface to Diffie-Hellman provided by OpenSSL consists of a structure of the type DH and a set of functions that operate on that structure. The DH structure and functions are made accessible by including the openssl/dh.h header file. The DH structure itself contains many data members that are of little or no interest to us, but four members are important, as shown in the following abbreviated DH structure definition

Translation

Now that the generated parameters have been received by the two peers, each peer must generate a key pair in order to exchange their public keys. Remember that the private key must not be shared. Once it is shared, each peer can independently compute the shared secret, and the algorithm will be defaulted. With authenticated Diffie-Hellman, public/private key pairs can be used beyond a single key agreement. In this case, we will discuss in the last section how to guard against attacks on Diffie-Hellman.

OpenSSL provides the function DH_generate_key for public and private keys. If the keys succeed, it requires DH as its only argument, with the parameters P and G. The return from the function will be nonzero. If an error occurs, the return will be zero.

Once the keys have been generated successfully, each peer must exchange their public key with the other peer. The details of how the public key value is exchanged vary depending on the medium being used, but in a typical case, where the communication takes place over an established TCP connection, the functions BN_bn2bin and BN_bin2bn will once again serve for the pub_key data member of the exchanged object.

With the parameters and public keys exchanged, a party in the exchange can use his private key and the peer's public key to compute the shared secret using the function DH_compute_key.

    int DH_compute_key(unsigned char *secret, BIGNUM *pub_key, DH *dh);

    secret   A buffer that will be used to hold the shared secret. It must be allocated by the caller and should be big enough to hold the secret. The number of bytes holding the secret can be determined with a call to DH_size, passing the object as the only argument.
    pub_key  The peer's public key.
    dh       The DH object that contains the parameters and the caller's private key.

After the shared secret is computed, the DH object is no longer needed unless more secrets will be generated and exchanged. It can be safely destroyed using the DH_free function.

In certain cases, Diffie-Hellman can be subject to a type of attack known as a small-subgroup attack. This attack results in a reduction of the computational complexity of brute-forcing the peer's private key value. Essentially, a small-subgroup attack can result in the victim's private key being discovered. There are several different methods of protecting Diffie-Hellman against this type of attack. The simplest method is to use ephemeral keying. If both parties stick to ephemeral keys and use a separate method of authentication, small-subgroup attacks are thwarted. This is not always feasible, however, mostly because of computational expense. If static keys will be used, two simple mathematical checks can be performed on the public key received from a peer to confirm that these attacks are not possible. If the key passes both tests, it is safe to use. The first test checks that the supplied key is greater than 1 and less than the value of the p parameter. The second test computes p, in which y is the key to test and q is another large prime. If the result of this operation is 1, the key is safe; otherwise, it is not. The q parameter is not generated by OpenSSL even though there is a placeholder for it in the DH structure. An algorithm for generating q can be found in RFC 2631. If you are interested in the other methods or in more detailed information on the attack, we recommend that you read RFC 2785.

When we began our discussion of Diffie-Hellman, we mentioned that it provides key agreement and authentication. Use of the authentication features of this protocol is not very common; thus, Diffie-Hellman is often paired with another algorithm for authentication. The threat is that mistakenly leaving out authentication can lead to susceptibility to man-in-the-middle attacks. To execute such an attack, the attacker sits in between two hosts
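The two checks that the original text prescribes for a static-key peer (the key is greater than 1 and less than p, and y^q mod p equals 1), shown as an added example that is not code from the book or from OpenSSL. The toy group p = 67, q = 11, g = 64 and the names modexp and dh_pubkey_ok are constructed for illustration; production code would apply the same comparisons to BIGNUM values.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group, far too small for real use:
 * p = 67 is prime and p - 1 = 2 * 3 * 11, so q = 11 is the prime
 * subgroup order and g = 64 (= 2^6) generates the order-q subgroup. */
enum { TOY_P = 67, TOY_Q = 11, TOY_G = 64 };

/* Square-and-multiply: base^exp mod m. The modulus is assumed small
 * enough that every product fits in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Returns 1 if the received public key y passes both checks, else 0. */
static int dh_pubkey_ok(uint64_t y, uint64_t p, uint64_t q)
{
    if (y <= 1 || y >= p)            /* test 1: 1 < y < p */
        return 0;
    return modexp(y, q, p) == 1;     /* test 2: y^q mod p == 1 */
}

int main(void)
{
    /* An honestly generated key g^x for private x = 5, followed by values
     * that lie outside the range or in the order-2 and order-3 subgroups. */
    uint64_t honest = modexp(TOY_G, 5, TOY_P);
    uint64_t probes[] = { honest, 0, 1, TOY_P, TOY_P - 1, 29 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("y = %2llu -> %s\n", (unsigned long long)probes[i],
               dh_pubkey_ok(probes[i], TOY_P, TOY_Q) ? "accept" : "reject");
    return 0;
}
```

The values 66 and 29 are in range and pass the first test, but they have order 2 and 3 and are rejected only by the second test, which is why the text requires both.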
