ECDH vs. ECDHE

Hanno Böck-4
Hello,

I'm trying to make sense out of the various abbreviations used for the
SSL cipher suites listed by openssl ciphers.

I've googled, but found no explanation of what ECDHE is and how it
compares to ECDH.

I'm aware that ECDH stands for "elliptic curve Diffie-Hellman key
exchange" (and I'm also - cryptographically - aware what that means -
perfect forward secrecy and such).

What is ECDHE, is it "better" than just ECDH and what's the difference?

Yours,
--
Hanno Böck mail/jabber: [hidden email]
GPG: BBB51E42 http://www.hboeck.de/

Re: ECDH vs. ECDHE

Billy Brumley
ECDHE is the E=Ephemeral version where you get a distinct DH key for
every handshake.

ECDH has a fixed DH key; one side of the handshake doesn't change from
one instance to the next.

ECDHE gives you forward secrecy; ECDH does not.

ECDHE is less efficient than ECDH; it requires more crypto operations.

They also differ in how the handshake gets authenticated. (ECDH is
sort of implicit and ECDHE explicit.)

Note that unless you explicitly tell it not to, OpenSSL will reuse DH
keys anyway in ECDHE for performance reasons. This may or may not be a
problem for you depending on how your application is being launched.

BBB


On Mon, Apr 30, 2012 at 3:27 AM, Hanno Böck <[hidden email]> wrote:

> Hello,
>
> I'm trying to make sense out of the various abbreviations used for the
> SSL cipher suites listed by openssl ciphers.
>
> I've googled, but found no explanation of what ECDHE is and how it
> compares to ECDH.
>
> I'm aware that ECDH stands for "elliptic curve Diffie-Hellman key
> exchange" (and I'm also - cryptographically - aware what that means -
> perfect forward secrecy and such).
>
> What is ECDHE, is it "better" than just ECDH and what's the difference?
>
> Yours,
> --
> Hanno Böck              mail/jabber: [hidden email]
> GPG: BBB51E42           http://www.hboeck.de/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]