Context

Can you share Bob's secret recipe with Alice without Eve finding out?

Welcome to the enchanting world of witches and wizards. In this mystical laboratory, you find yourself as Witch Alice, a sorceress seeking an elusive secret potion recipe. Your trusted friend, Witch Bob, has discovered the hidden elixir of wonders and is eager to share it with you. However, an unforeseen obstacle stands in your way – Goblin Eve, determined to steal it for herself.

Starting hypothesis

The challenge is clearly about secure communication over an insecure channel. My initial hypothesis is that this lab focuses on key exchange rather than direct encryption. Since the scenario mentions sharing a secret without Eve discovering it.

Method / Used Tools

Flag 1

The first flag recovered during the lab is:

THM{y0u_br3w3d_7h3_53cr37}

Flag 2

The Technical Components

The Diffie-Hellman key exchange is a cryptographic protocol that allows two parties to establish a shared secret over an insecure channel, without ever transmitting that secret directly. It was invented by Whitfield Diffie and Martin Hellman and relies on modular arithmetic and the computational hardness of the discrete logarithm problem.

The objective is straightforward: two parties (traditionally called Alice and Bob) want to compute the same secret value, even if an attacker (Eve) can observe all the traffic exchanged between them.

Base Parameters (p and g)

Before any key exchange can begin, Alice and Bob must agree on two public parameters:

• A large prime number p (the modulus)
• A generator g (a base number)

These values are public. They can be known by anyone, including Eve. Security does not depend on keeping them secret.

In practice, these parameters can be generated with OpenSSL: