> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bodo Moeller
> Sent: Wednesday, November 17, 1999 11:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Use of Random Bytes from Client and Server
> 
> 
> On Tue, Nov 16, 1999 at 10:42:13PM -0800, Harry Whitehouse wrote:
> 
> > As I read the SSL3 specs, I gather that random bytes from the client
> > (generated as part of Client Hello) are combined with the client-generated
> > pre-master secret and random bytes from the server (generated at the Server
> > Hello) to yield the master secret.
> > 
> > I'm curious as to the rationale for using randomly generated bytes --
> > particularly in the need to use random bytes from both parties. It would
> > seem, for instance, that the client is already contributing random data in
> > the form of the pre-master secret (i.e., the data which is encrypted with
> > the public key and sent to the server).
> > 
> > Can someone offer some perspectives on this design feature?
> 
> When a session is reused, you don't have a client key exchange message.
> Also, for fixed-DH ciphersuites (which no-one uses, though) client key
> exchange messages are empty.  There may be more reasons.

Yes! Assume there's only the pre_master_secret and no plain rnd
values. The symmetric key is generated through the PRF without the
rnd values.

This always results in the same symmetric key. An attacker
may brute-force the key and succeed. From then on he has access to
all sessions with the same session_id without knowledge of
the pre_master_secret.

Thus SSL introduced the rnd values. The strength of the key remains the
same and depends on the pre_master_secret, but each key looks different.
For the same reason WTLS introduced a key refresh.

Regards, Rene

--
-----------------------------------------------------------
Rene G. Eberhard
Mail  : [EMAIL PROTECTED] 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
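The derivation both replies are talking about, as an added example that is not part of the thread: SSL 3.0's master-secret and key-block expansion as documented in RFC 6101 (sections 6.1 and 6.2.2), run once with the hello randoms and once with a hypothetical variant that drops them, plus a resumed session where the master secret is reused and only the randoms are new. The pre-master secret and the randoms are constructed sample values, and `master_secret_without_randoms` is the hypothetical no-nonce derivation from Rene's argument, not anything SSL ever specified.

```python
import hashlib

# SSL 3.0 expansion used for both the master secret and the key block
# (RFC 6101, sections 6.1 and 6.2.2): output chunk i (16 bytes) is
#   MD5(secret || SHA1(label_i || secret || seed)),  label_i = "A", "BB", "CCC", ...
def ssl3_expand(secret: bytes, seed: bytes, nchunks: int) -> bytes:
    out = b""
    for i in range(nchunks):
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
    return out

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; seed = ClientHello.random || ServerHello.random."""
    return ssl3_expand(pre_master, client_random + server_random, 3)

def key_block(master: bytes, client_random: bytes, server_random: bytes, nbytes: int) -> bytes:
    """Per-connection key material; SSL 3.0 uses ServerHello.random || ClientHello.random here."""
    return ssl3_expand(master, server_random + client_random, (nbytes + 15) // 16)[:nbytes]

def master_secret_without_randoms(pre_master: bytes) -> bytes:
    """Hypothetical variant from the thread: no nonces, only the pre-master secret."""
    return ssl3_expand(pre_master, b"", 3)

# Constructed sample values: one 48-byte pre-master secret reused across two
# handshakes, and fresh 32-byte client/server randoms for each handshake.
PRE_MASTER = bytes(range(48))
RANDS_1 = (bytes([0x11]) * 32, bytes([0x22]) * 32)   # (client_random, server_random), handshake 1
RANDS_2 = (bytes([0x33]) * 32, bytes([0x44]) * 32)   # handshake 2

def compare_derivations() -> dict:
    """Show how the randoms change the derived keys while the pre-master secret stays fixed."""
    no_rnd_1 = master_secret_without_randoms(PRE_MASTER)
    no_rnd_2 = master_secret_without_randoms(PRE_MASTER)
    ms_1 = master_secret(PRE_MASTER, *RANDS_1)
    ms_2 = master_secret(PRE_MASTER, *RANDS_2)
    # Session resumption: the master secret is reused, no client key exchange is
    # sent, and only the new hello randoms separate this connection's keys.
    original_kb = key_block(ms_1, *RANDS_1, 32)
    resumed_kb = key_block(ms_1, *RANDS_2, 32)
    return {
        "same_key_without_randoms": no_rnd_1 == no_rnd_2,
        "different_master_secret_with_randoms": ms_1 != ms_2,
        "resumed_session_gets_fresh_key_block": resumed_kb != original_kb,
    }

if __name__ == "__main__":
    for name, value in compare_derivations().items():
        print(f"{name}: {value}")
```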