DSS, specified in FIPS PUB 186, is a digital signature algorithm based on modulo arithmetic. One of its "features" is that it can't be used for encryption, though this seams a mute point given the widespread availability of solid encryption systems.

Diffie Hellman is a key exchange algorithm based on modulo arithmetic, that can be used to securely exchange keys between two systems that don't share any mutual keys. The problem is to create a shared secret over an insecure communications channel. Simply transmitting an symmetric cipher key is clearly inadequate, because anyone reading the traffic could use the key to decrypt anything encoded with it. Diffie Hellman addresses both of these problems.

Diffie Hellman operates in a large modulo number space, but doesn't rely on properties as exotic as RSA. After agreeing on a large modulus (m) and a common base number (x), each side picks a random number (its local secret), computes x to that power (mod m), and transmits this. Upon receiving this number, the other side raises it to its local secret power, and has computed x to the product of the two powers. Anyone snooping on the wire sees the two partial powers go past, but without the secret powers can't compute the shared secret.

Even with other cryptographic protection in place,
Diffie-Hellman is often used to provide *perfect forward security*,
which means that even if a master authentication key is compromised,
previously exchanged data can't be read. The stolen key could be used
to fabricate false credentials for future sessions, but couldn't be
used to decrypt previous sessions because the session keys were
exchanged using Diffie Hellman.

One of the hardest problems in cryptography is the creation of the keys
themselves, a process which usually requires a good random number
source. High quality random numbers are surprisingly hard to come by
on computer systems, which are almost completely deterministic by
nature. "Pseudo-random" number generators (PRNGs), of the type often
seen in C libraries, don't do the trick. If the PRNG has only a
16-bit seed, then it will produce one of 2^{16}
possible "random" number
streams. This means that an 80-bit key generated with this source
will only assume one of 2^{16} possible values...
not 2^{80} as one would
like. In fact, every cryptosystem presently used (and any likely to
be developed) will succumb to a brute-force attack if its key can be
predicted within 2^{16}.

Thus, modern operating systems often go to great lengths to acquire
and preserve truly random information. Things like the arrival time
of network packets, the exact time between keystrokes, the exact position
of the mouse and various windows on the screen - all can be used
as random number sources. RFC 1750
discusses the issue to some length. Some Unix kernels
now provide a `/dev/random` (or `/dev/urandom`)
that allows applications requiring random numbers to get them
from trusted kernel algorithms that monitor the system for
various pieces of random information, using the timing
of physical events.