Lightboard Lessons: Perfect Forward Secrecy
Hi John,
Thanks a lot for keeping promise :-) Great lesson!!
I am a bit puzzled about how client uses it's random integer. You stated that client is using known (provided by server) prime number, modulo and value A to calculate its own value B. If so what client random integer is used for?
If client uses only values that are public (prime number, modulo and value A) - if I am not wrong those are not encrypted, so can be picked up from stored session - then anyone can recreate value B - or I am wrong here?
Next question - what is purpose of generating pre-master secret? In case of RSA it's necessary because only client generates pre-master secret and then sends it to server. But in case of DH both client and server are able to generate the same pre-master after exchanging A and B values, so why not generate master secret skipping pre-master?
I assume that never sending pre-master secret over the wire is the reason why asymmetric encryption is not necessary and DH is safer than RSA?
What is necessary to compromise TLS session in this case - both server and client random integer? Those are only two pieces of info that are never exchanged and if I am right discarded after given session is over?
I am not sure as well what is exact difference between ephemeral and not ephemeral cipher suite. You said that in case of ephemeral for every session new random integers are chosen - so far so good
But what if ephemeral is not used? For given client, server is always using same random integer? Seems a bit unlikely, server would have to store a lot of info (like client to random integer mapping) for a long time.
Is random integer only piece that is changing, so for every client and every session server is using the same prime number and modulo?
Last but not least :-) I assume that server is still sending it's certificate so client can verify server identity, only difference is that public key from server certificate is never used for encrypting any piece of exchanged data?
Piotr