A security administrator must implement a system to allow clients to securely negotiate encryption keys with the
company’s server over a public unencrypted communication channel.
Which of the following implements the required secure key negotiation? (Choose two.)
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each
having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This
shared secret may be directly used as a key, or better yet, to derive another key which can then be used to
encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol
using elliptic curve cryptography.
Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym,
stands for Ephemeral Diffie-Hellman).
Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the
acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of
these that provides perfect forward secrecy.