Problem solve Get help with specific problems with your technologies, process and projects.

Diffie-Hellman vs. RSA: Comparing key exchange algorithms

See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown from expert Michael Cobb.

Do you know of any algorithms that merge or combine the RSA and Diffie-Hellman algorithms? Would there be any benefit...

in doing so? If this is not possible, is one better than the other?

Let me answer this question by first explaining Diffie-Hellman vs. RSA algorithms. Diffie-Hellman is a key exchange algorithm and allows two parties to establish, over an insecure communications channel, a shared secret key that only the two parties know, even without having shared anything beforehand.

The shared key is an asymmetric key, but, like all asymmetric key systems, it is inherently slow and impractical for bulk encryption. The key is used instead to securely exchange a symmetric key, such as AES (Advanced Encryption Standard) used to encrypt subsequent communications. Unlike Diffie-Hellman, the RSA algorithm can be used for signing digital signatures as well as symmetric key exchange, but it does require the exchange of a public key beforehand.

RSA and Diffie-Hellman are both based on supposedly intractable problems, the difficulty of factoring large numbers and exponentiation and modular arithmetic respectively, and with key lengths of 1,024 bits, give comparable levels of security. Both have been subjected to scrutiny by mathematicians and cryptographers, but given correct implementation, neither is significantly less secure than the other.

The nature of the Diffie-Hellman key exchange does make it susceptible to man-in-the-middle attacks since it doesn't authenticate either party involved in the exchange. This is why Diffie-Hellman is used in combination with an additional authentication method, generally digital signatures. When using RSA, a 1,024-bit key is considered suitable both for generating digital signatures and for key exchange when used with bulk encryption, while a 2048-bit key is recommended when a digital signature must be kept secure for an extended period of time, such as a certificate authority’s key.

Getting back to the question at hand, you can’t really merge the two algorithms because of the unique attributes and complexity that each one has. Most encryption systems offer a choice between them rather than combining them. SSL 3.0 supports a choice of key exchange algorithms, including the RSA key exchange when certificates are used, and Diffie-Hellman key exchange for exchanging keys without certificates and without prior communication between client and server.

This was last published in March 2011

Dig Deeper on Email Security Guidelines, Encryption and Appliances



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Diffie-Hellman is anonymous key exchange. RSA is an integrity key exchange. RSA confirms the server knows the private exponent to a public exponent/modulus.

Diffie-Hellman requires the exchange of two clear text keys, a prime number and a generator. Each server generates a random number, calculates (G^random number) mod P and exchanges the answer to that. Then they calculate (other computer's answer ^ My Random Number) mod P. This answer will be the same on both computers. Very simple.

With RSA, two numbers are exchanged, an exponent (generally 65537 is chosen) and a modulus. The server's exponent (private exponent (the calculation for this exponent is a function of two primes and the public exponent; modulus is always prime1 * prime2) is hidden (they share the modulus). The client simply sends (Data ^ exponent) mod modulus = cipher message. On the server side, data can be recovered by data = (cipher message ^ private_exponent) mod modulus.

With Ephemeral Diffie-Hellman, the server's exchanged key is singed by RSA (see SHA-256/PKCS5Padding/Cipher Block Chaining). and sent over the wire in plaintext. This guarantees that the server owns the Private Exponent (Message ^ Private Exponent) mod P which then can be decrypted by (Cipher Message ^ Public Exponent) Mod P, ran against the same algorithm, and compared in plain text on the client side. By utilizing Ephemeral Diffie-Hellman, you maintain the benefit of Anonymous Key Exchange while preventing man-in-the-middle attacks.