David Taylor wrote:
>
> David Taylor wrote:
>
> > If you give a client hello with an existing session id, the client and
> > server random values will change, but the master secret won't because
> > the short version of the handshake doesn't do the key exchange.
>
> Changing the client and server random values does change the master
> secret as the master secret is created from the pre master secret and
> the random values. But the pre master secret is found during the key
> exchange... which doesn't happen in the short handshake. So, do you keep
> the pre master secret from the full handshake? This seems to be more
> confusing than it needs to be :(
>
The spec doesn't say this explicitly but it suggests at various points
that the master secret retains its original valye when a session is
resumed.
This is hinted at at various points one of which suggests the pre-master
secret should be deleted from memory as soon as the master secret is
determined.
The biggest hint is in the SSL 3.0 spec section F.1.4 which descibes the
security implications of session resumption and only mentions the master
secret not being compromised.
If you want to just change the keys and IVs every so often then it seems
that resuming the session would be one solution. The keys and IVs would
be derived from hashes of the server and client random values of the
resumed session but using the master secret of the original session.
This would change the keys and IVs but without a full session handshake.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
