Diffie–Hellman Key Exchange

Run an ECDH P-256 exchange between Alice and Bob, with an optional Mallory-in-the-middle to show why unauthenticated DH is broken.

Insert Mallory as a man-in-the-middle

What problem does Diffie–Hellman solve?

Two parties on a network they don't trust want to agree on a shared secret key — without ever transmitting that key. Diffie and Hellman's 1976 paper introduced the idea: each side publishes a public value derived from a private secret, and a clever algebraic property lets both sides combine the public halves into the same shared secret that no eavesdropper can reproduce.

Classical DH vs Elliptic-Curve DH

The original DH works in (ℤ/pℤ)* and needs 2048-bit primes for modern security. ECDH replaces modular exponentiation with scalar multiplication on an elliptic curve and gets the same security at 256 bits — much smaller keys, much faster operations. This tool uses NIST P-256, the curve TLS 1.3 and most browsers default to.

Why MITM matters

Plain DH/ECDH gives confidentiality against passive eavesdroppers but says nothing about whois on the other end. An attacker who can sit on the wire (an open Wi-Fi network, a compromised router, a state-level adversary) can run two independent DH exchanges — one with each party — and proxy every message. Real protocols defeat this by authenticating the public keys: TLS certificates, SSH host keys, the Signal protocol's identity-key signature on the ephemeral share, and so on.