Talk:Key exchange

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
???	This article has not yet received a rating on the project's importance scale.

Cryptography: Computer science

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
???	This article has not yet received a rating on the importance scale.
	This article is supported by WikiProject Computer science.

Key exchange can be simpler?[edit]

I recently saw a puzzle: How do you post something in an unbreakable box to a friend, WITHOUT sending him a key to unlock it? The box needs two latches for locks. The solution is simple: A put on a lock (keeping the key), and post it to B. B put on a lock, keeping the key, and post it back. A removes A's lock, and post it to B. B removes B's lock.

I immediatly realized I can use this to send an encrypted message to a friend, WITHOUT us sharing ANY keys... A encrypt it with a long random key using XOR, and send it to B, while storing the key used locally. B does the same and return the message. A then decrypts it using the stored key, and post it back to B (deleting the key since it will no longer be used). B then decrypt using his key, and reads the message.

I have tested this and of course it works for XOR encryption. Note that XOR-encryption can be secure if you use a long random key...

just wondering, how many times have this been invented before? — Preceding unsigned comment added by 163.200.81.8 (talk) 08:57, 8 February 2012 (UTC)[reply]

The above algorithm sends Secret Xor Key A from A to B, then sends Secret Xor Key A Xor Key B back to B. An observer can capture this, Xor those two messages and get key B, which is all that is needed to decrypt the final message, Secret Xor Key B sent from A to B. Thus a passive observer can intercept the secret, and an active one can edit it. So yes, it can transmit the secret, but it is not secure against an observer. Diffie–Hellman key exchange (which is included on the page) works in a similar way, but uses different primitives which remove this vulnerability. Craig Macomber (talk) 03:16, 25 October 2014 (UTC)[reply]

"Kex" redirects here, why?[edit]

On SSL software (OpenSSL, PuTTY, ...) one hase options called similar to "Kex algorithm". I entered "Kex" on Wikipedia and ended up on "Key exchange". The article does not mention the word "Kex". Now I asume "Kex" is simply short for "Key exchange", but I can't be sure. So the article should at least have some short statement about it, especially because of the redirect and because one could think "Kex" is simply a typo for "Key". --194.231.113.66 (talk) 14:19, 14 September 2015 (UTC)[reply]

Channel of exchange[edit]

Regarding https://en.wikipedia.org/w/index.php?diff=810333708, I believe that an example of out-of-band key exchange is having a business that gives all the employees the key on paper face-to-face knee-to-knee in the company's building so that all staff of the company can securely digitally communicate by using the key they all received. As for in-band key exchange, it seems that it is always vulnerable. --NoToleranceForIntolerance (talk) 17:08, 14 November 2017 (UTC)[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just modified 2 external links on Key exchange. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 13:38, 9 December 2017 (UTC)[reply]