Forum Discussion

KT_271103's avatar
KT_271103
Icon for Nimbostratus rankNimbostratus
Jul 27, 2016

SSL key generation method

Please clear below questions?

 

Pre-master key derived from already shared random numbers through initial handshake process. Is it correct? How master key is generating from pre-master key on both server and client individually? How session key is generating from master key on both server and client individually?

 

  • Hi Kevin, Thanks for the RFC. Checked below

    Computing the Master Secret For all key exchange methods, the same algorithm is used to convert the pre_master_secret into the master_secret. The pre_master_secret should be deleted from memory once the master_secret has been computed.

      master_secret = PRF(pre_master_secret, "master secret",
                          ClientHello.random + ServerHello.random)
                          [0..47];
    

    I could not understand above formula. It is included master secret also then 0..47? Is there for better understanding?

  • I'm struggling to understand what "PRN" means in your question. Pseudo-Random Number?

     

    If you meant PRF, that's a function and not a value. In any case, let's look at this from the perspective of the key exchange method.

     

    If we're talking about DH, the client and server random numbers are transmitted in the clear and serve as seeds in the PRF, and the PMS is derived from the DH algorithm as (g^ab mod p). The 'a' in this case is the client's secret number. Having access to the client's random number isn't enough. You'd also have to have access to the client's secret number, and that isn't transmitted across the wire.

     

    If you're talking about RSA, the client and server still send random numbers in the clear, but this time the PMS is some secret value that the client creates, encrypts with the server's public key, and sends to the server. So in the case, if you had access to the server's private key and could sit in the middle and collect the random numbers and encrypted PMS, you'd have everything you need to create the master secret. This is the basis of pretty much all SSL man-in-the-middle technologies, and is the opposite of perfect forward secrecy, and a big reason for the RSA key agreement not being included in the upcoming TLSv1.3.