Key Exchange
In Secure Channel using Symmetric Key Cryptography we made the assumption that Alice and Bob already share a secret key. But how can such a shared key be established securely in the first place? (Secure here means that the adversary learns no information about the shared key.)
To establish a key without prior contact, we can utilize:
But key exchange protocols alone do not guarantee identity: without a mechanism to verify who is on the other end, the exchange is vulnerable to Man-in-the-Middle (MitM) attacks.
Note: We cannot use MACs to solve this authenticity problem during the exchange, because MACs require a shared key to already exist (the very thing we are trying to establish).
Also, modern security standards recommend ephemeral keys rather than static long-term keys, because they offer:
- Session Independence: A new key is randomly generated for every session.
- Forward Secrecy: If a session key is compromised, the impact is limited to that specific session; past and future sessions use different keys and remain secure.
- Hygiene: Keys are short-lived and never stored long-term.
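The following is an added example, not part of this note: a toy ephemeral key exchange in Python that shows fresh per-session keys, a public-value validity check, and (in the comments) exactly where the missing identity binding sits. The group parameters P, Q and G are constructed toy values chosen only so the arithmetic is readable; they are far too small for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman-style group, constructed for illustration only:
# P is a safe prime (P = 2*Q + 1 with Q prime) and G = 4 generates the
# order-Q subgroup. Real deployments use standardized groups (RFC 3526
# MODP groups or X25519); parameters this small are trivially breakable.
P = 2039
Q = 1019
G = 4


def ephemeral_keypair():
    """Fresh private exponent and public value for ONE session (never reused)."""
    priv = secrets.randbelow(Q - 2) + 2          # 2 <= priv <= Q-1
    return priv, pow(G, priv, P)


def is_valid_public(pub):
    """Reject values outside the order-Q subgroup (identity / small-subgroup checks)."""
    return 1 < pub < P - 1 and pow(pub, Q, P) == 1


def shared_secret(priv, peer_pub):
    """Raw shared group element; both sides compute the same value."""
    if not is_valid_public(peer_pub):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def derive_session_key(priv, peer_pub, context=b"toy-kex"):
    """Shared secret -> fixed-length session key via a hash (KDF stand-in).

    Nothing here binds peer_pub to an identity: whoever delivered peer_pub
    ends up sharing this key with us. That is the MitM gap the note
    describes; authentication (signatures or certificates over the
    exchanged values) has to be layered on top of the bare exchange.
    """
    secret = shared_secret(priv, peer_pub)
    return hashlib.sha256(context + secret.to_bytes(2, "big")).digest()


def run_session():
    """One complete ephemeral exchange; no long-term secret exists anywhere."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    return derive_session_key(a_priv, b_pub), derive_session_key(b_priv, a_pub)


if __name__ == "__main__":
    k_alice, k_bob = run_session()
    print("agree:", k_alice == k_bob, "key:", k_alice.hex())
```

Running it twice yields unrelated keys, which is the session-independence property: there is no stored secret whose later compromise would reveal an earlier session's key.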
If you want guidance on which key length to choose, see: Key Length Recommendations
Relevant Note(s):