Let's restate our protocol.
Alice starts by generating a large prime--
we've seen how she can do that using the Rabin-Miller primality test--
finding a primitive root--we haven't seen how to compute that,
but there are efficient ways to do it--
and selecting a random secret in the range 1 to her prime minus 1.
Then she computes the value of raising g to that power mod q,
sends that to Bob, and I'm showing in this version of the program I'm sending
both the prime and the primitive root.
Those could've been agreed on earlier in public. Nothing secret about them.
Then Bob computes his value, selecting his random secret
and computing yb.
At the end they can both compute the same key,
raising their respective values to the appropriate powers.
So we've assumed so far an eavesdropper--a passive attacker--
who can hear all the messages on this channel but can't disrupt the channel.
What happens if we have an active attacker?
An active attacker can change messages on this channel:
instead of just intercepting them and listening to them--eavesdropping on the message--
they can intercept and change the messages.
Is this protocol secure against an active attacker who can modify messages in transit?
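The protocol as restated above, written out as an added example (not code from the lecture): a Rabin-Miller primality check, a primitive-root search using the prime factors of q-1 (the "efficient way" the lecture leaves out, adequate here only because the toy q-1 is small enough to factor by trial division), and the exchange in which Alice sends (q, g, ya), Bob replies with yb, and both raise what they received to their own secret. The sample prime q = 23 and the secrets 6 and 15 are constructed values for illustration.

```python
import random

def is_probable_prime(n, rounds=20):
    """Rabin-Miller test: write n-1 = 2^r * d, then check random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False      # a witness proved n composite
    return True               # no witness found: probably prime

def prime_factors(n):
    """Trial division; only adequate for the small q-1 used in this example."""
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    return factors | ({n} if n > 1 else set())

def find_primitive_root(q):
    """g generates Z_q^* iff g^((q-1)/p) != 1 (mod q) for every prime p | q-1."""
    fs = prime_factors(q - 1)
    for g in range(2, q):
        if all(pow(g, (q - 1) // p, q) != 1 for p in fs):
            return g
    raise ValueError("no primitive root found")

def dh_exchange(q, g, a=None, b=None):
    """Run the exchange; secrets a, b are drawn from 1..q-1 unless supplied."""
    a = a if a is not None else random.randrange(1, q)
    b = b if b is not None else random.randrange(1, q)
    ya = pow(g, a, q)           # Alice -> Bob: (q, g, ya), all sent in the clear
    yb = pow(g, b, q)           # Bob -> Alice: yb
    return ya, yb, pow(yb, a, q), pow(ya, b, q)   # the two keys must agree
```

Nothing in the exchange lets either side check who the values came from, which is exactly what the question about an active attacker is probing.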
