For sending passwords over the wire, which is more secure: Diffie-Helman/AES or RSA? (It bothers me that AES doesn't obscure password length)

Question

I was given advice that I am suspicious about so I'm looking for support here to go back and challenge the advice.

I was advised to use Diffie-Hellman to get both sides to agree on a secret key, use the secret key to generate an AES key, and then use AES to encrypt/decrypt passwords that are being transmitted. Pretty much like the sample code here

When using this scheme, the length of the encrypted password is the same as the length of the unencrypted password. Should I be worried about this?

Before, I was using RSA, encrypting the passwords with the receiver's public key. This was resulting in an encrypted length of 256 no matter what the password length. Isn't that better?

Answer 1

You can just pad to whatever length with any data. It doesn't have to be random. As long as it's all encrypted. I think though that is the least of your worries.

Note if you use Diffie-Hellman you still need to authenticate the parameters sent, which you probably need to do with RSA.

The alternatives are:

1. Use RSA to exchange an encrypted secret key that you then use to encrypt your data.
2. Use Diffie-Hellman to exchange a secret key and then use RSA to sign values sent to authenticate the transaction.

If you do all this, then you have to also worry about whether exchanges have been replayed to make you reuse keys etc.

To be honest if you need to ask this question then you probably are not qualified to write a crypto protocol. They are extremely hard to get right and not for the faint hearted.

Suggest you use SSL/TLS for your exchange if you need to stream a lot of data. PGP/PKCS#7 if you just need to send a single message.