aerowolf (aerowolf.livejournal.com) wrote in mdlbear's journal, 2010-09-29 01:55 am (UTC)

Cryptography...

In cryptography, "Diffie-Hellman(-Merkle) Key Exchange" is a protocol for two independent entities to exchange information which allows them to independently generate the same symmetric key, knowing knowledge they already have and the information they received. It essentially allows two people to use hard math to calculate the same result, which is used as the session key.

This is done using a specific math problem that has two important properties:

1) The best solution to the problem that would need to be solved by anyone who could see the actual messages but not in the message flow -- i.e., an eavesdropper -- is currently believed (but not proven) to be "polynomial time" -- meaning, it is between 'linear' and 'exponential'. This is the same way that 1024-bit RSA is considered to give about 117 bits of entropy, by the NIST -- essentially the same amount of probability that would cause any two independent runs of 117 independent coin-flips to occur in *precisely* the same sequence from beginning to end.

2) The same problem is faced by someone who wishes to maliciously spoof messages to either recipient, and it's made less tractable because of the more contemporaneous need for the key. (However, it is possible for malicious Mallory to create two separate and independent protocol interactions, one each to Alice and Bob, and convince each that he is the other, unless Alice and Bob authenticate themselves by some other means once the channel is established.)

Once the channel is established, either side can state what the channel parameters are to the other, and without the addition of a "message authentication code" (essentially a seed to a secure hash function and its verification on every message received) it is possible to end up with a "man in the middle" who is listening to everything that you say.

Diffie-Hellman-Merkle is used in later versions of Transport Layer Security (formerly called SSL) to negotiate a secure channel with "perfect forward secrecy", meaning that if the key is broken for a past interaction, the security of all succeeding keys remains intact.

On its own it doesn't say *anything* other than you're talking to someone who knows how to speak the protocol; the session key must be authenticated in some other manner. This can be performed many ways, such as via asymmetric key certificates (such as found in PGP or X.509), or by proving that the same obscure piece of information is known to both parties (which is the general technique used by an IM-service agnostic system called "Off The Record", available from http://www.cypherpunks.ca/otr/ ; it can run as an AIM proxy for you to use the original AIM client, or it can run as a plugin for such free software as Pidgin (Windows/Linux) or Adium (MacOS X)).

Wikipedia has a really good article at http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange , that says it best: It "is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel."

Essentially, its implications are that it is possible for anyone, at any point, to establish and enforce a policy in any communication across a known-insecure channel such that the content of the messages between the parties cannot be recovered without corruption of either endpoint, blind luck, or a lot more computing power and time than can possibly exist in the universe.

Participating in the protocol relies upon the introduction of two specific mathematical concepts: exponentiation and modular arithmetic. Explaining it usually requires pre-algebra. See Wikipedia for more details.
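As an added example (not part of the comment above, and not OTR's or TLS's own code): a Python sketch of the exchange the comment describes. Alice and Bob each pick a private exponent, publish g^x mod p, and arrive at the same session key; then "malicious Mallory" runs two separate exchanges and relays between them, which plain Diffie-Hellman cannot detect. The last step shows the kind of check the comment calls for once the channel is up: each side proves knowledge of an "obscure piece of information" shared out of band by MACing the public values it saw, so a substituted value fails verification. That key-confirmation tag is a simplified stand-in for the authentication OTR actually uses, not OTR's method. The group parameters are constructed for illustration only: p is the Mersenne prime 2^61 - 1, which is certainly prime but not a safe prime and far too small for real use; deployed systems use a standardised group (for example the RFC 3526 MODP groups) or an elliptic curve, and the protocol logic is unchanged by that.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (illustration only): p = 2^61 - 1 is prime, but small and
# not a safe prime. Real deployments use a standardised group or an elliptic curve.
P = 2**61 - 1
G = 3


class Party:
    """One side of a Diffie-Hellman exchange (Alice, Bob, or a relaying Mallory)."""

    def __init__(self, name):
        self.name = name
        self.secret = secrets.randbelow(P - 2) + 2   # private exponent, never sent
        self.public = pow(G, self.secret, P)         # g^secret mod p, sent in the clear
        self.key = None

    def derive_key(self, peer_public):
        # Refuse the degenerate values 0, 1 and p-1, which would force a trivial secret.
        if peer_public <= 1 or peer_public >= P - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.secret, P)    # (g^b)^a == (g^a)^b  (mod p)
        # Hash the raw group element into a fixed-length symmetric session key.
        self.key = hashlib.sha256(shared.to_bytes(8, "big")).digest()
        return self.key


def confirm_tag(shared_info, sender_public, receiver_public):
    """Key-confirmation tag: HMAC over the two public values, keyed by a secret the
    parties share out of band. A relay that substitutes its own public values cannot
    produce a matching tag without that secret (simplified stand-in, not OTR's protocol)."""
    transcript = sender_public.to_bytes(8, "big") + receiver_public.to_bytes(8, "big")
    return hmac.new(shared_info, transcript, hashlib.sha256).digest()


def honest_exchange(shared_info=b"constructed out-of-band secret"):
    """Direct exchange: returns (session keys match, Alice's confirmation verifies at Bob)."""
    alice, bob = Party("Alice"), Party("Bob")
    ka = alice.derive_key(bob.public)      # Alice receives g^b
    kb = bob.derive_key(alice.public)      # Bob receives g^a
    tag_from_alice = confirm_tag(shared_info, alice.public, bob.public)
    expected_by_bob = confirm_tag(shared_info, alice.public, bob.public)
    return ka == kb, hmac.compare_digest(tag_from_alice, expected_by_bob)


def relayed_exchange(shared_info=b"constructed out-of-band secret"):
    """Mallory runs one exchange with Alice and another with Bob, relaying between them.
    Returns (relay gives Mallory both session keys, confirmation tag exposes the relay)."""
    alice, bob = Party("Alice"), Party("Bob")
    m_to_alice, m_to_bob = Party("Mallory-A"), Party("Mallory-B")
    ka = alice.derive_key(m_to_alice.public)      # Alice believes this came from Bob
    km_a = m_to_alice.derive_key(alice.public)
    kb = bob.derive_key(m_to_bob.public)          # Bob believes this came from Alice
    km_b = m_to_bob.derive_key(bob.public)
    # Unauthenticated DH alone: both sessions "succeed" and Mallory holds both keys,
    # while Alice and Bob hold two different keys without knowing it.
    relay_works = ka == km_a and kb == km_b and ka != kb
    # Key confirmation: Alice tags the values she saw (hers, Mallory's); Bob recomputes
    # the tag over the values he saw (Mallory's, his). Mallory cannot bridge the gap.
    tag_from_alice = confirm_tag(shared_info, alice.public, m_to_alice.public)
    expected_by_bob = confirm_tag(shared_info, m_to_bob.public, bob.public)
    detected = not hmac.compare_digest(tag_from_alice, expected_by_bob)
    return relay_works, detected


if __name__ == "__main__":
    print("honest exchange (keys match, confirmed):", honest_exchange())
    print("relayed exchange (relay works, detected):", relayed_exchange())
```

The raw shared group element is hashed before use as a key; with a real-size group this is where a key-derivation function such as HKDF would go. The degenerate-value check in `derive_key` is the minimum a receiver should do on any group element it is handed; with a proper safe-prime group it would be extended to a subgroup membership test.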
