lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

doc: update crypto docs to use good defaults 

[Diffie-Hellman](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#Cryptographic_explanation)
keys are composed of a `generator` a `prime` a `secret_key`
and the `public_key` resulting from the math operation:

```
(generator ^ secret_key) mod prime = public_key
```

Diffie-Hellman keypairs will compute a matching shared secret
if and only if the generator and prime match for both
recipients.  The generator is usually **2** and the prime is
what is called a [Safe Prime](https://en.wikipedia.org/wiki/Safe_prime).

Usually this matching is accomplished by using
[standard published groups](http://tools.ietf.org/html/rfc3526).
We expose access those groups with the `crypto.getDiffieHellman`
function.

`createDiffieHellman` is trickier to use.  The original example
had the user creating 11 bit keys, and creating random groups of
generators and primes. 11 bit keys are very very small, can be
cracked by a single person on a single sheet of paper.  A
byproduct of using such small keys were that it was a high
likelihood that two calls of `createDiffieHellman(11)` would
result in using the same 11 bit safe prime.

The original example code would fail when the safe primes generated
at 11 bit lengths did not match for alice and bob.

If you want to use your own generated safe `prime` then the proper
use of `createDiffieHellman` is to pass the `prime` and `generator`
to the recipient's constructor, so that when they compute the shared
secret their `prime` and `generator` match, which is fundamental to
the algorithm.

PR-URL: https://github.com/nodejs/node/pull/5505
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
process-exit-stdio-flushing
Bill Automata 9 years ago
committed by James M Snell
parent
4d78121b77
commit
e136c179c1
1 changed files with 4 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      doc/api/crypto.markdown

6
doc/api/crypto.markdown
View File

@ -325,19 +325,19 @@ const crypto = require('crypto');
const assert = require('assert'); const assert = require('assert');
// Generate Alice's keys... // Generate Alice's keys...
const alice = crypto.createDiffieHellman(11); const alice = crypto.createDiffieHellman(2048);
const alice_key = alice.generateKeys(); const alice_key = alice.generateKeys();
// Generate Bob's keys... // Generate Bob's keys...
const bob = crypto.createDiffieHellman(11); const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
const bob_key = bob.generateKeys(); const bob_key = bob.generateKeys();
// Exchange and generate the secret... // Exchange and generate the secret...
const alice_secret = alice.computeSecret(bob_key); const alice_secret = alice.computeSecret(bob_key);
const bob_secret = bob.computeSecret(alice_key); const bob_secret = bob.computeSecret(alice_key);
assert(alice_secret, bob_secret);
// OK // OK
assert.equal(alice_secret.toString('hex'), bob_secret.toString('hex'));
``` ```
### diffieHellman.computeSecret(other_public_key[, input_encoding][, output_encoding]) ### diffieHellman.computeSecret(other_public_key[, input_encoding][, output_encoding])

Write Preview
Loading…
Cancel
Save