On Sun, Jun 16, 2002 at 04:25:13PM +0200, Shalendra Chhabra wrote:
> In SSL 3.0 Specifications about ClientHello.random It is written
> random_bytes 28 bytes generated by a secure random generator.
> While for ServerHello.random it is written random structure
> generated by the server, but it is not written how this
> ServerHello.random is generated?
I refer to RFC2246, describing TLSv1:

  When generating keys and MAC secrets, the master secret is used as an
  entropy source, and the random values provide unencrypted salt material
  and IVs for exportable ciphers.

  To generate the key material, compute

    key_block = PRF(SecurityParameters.master_secret,
                    "key expansion",
                    SecurityParameters.server_random +
                    SecurityParameters.client_random);

Thus, if I don't misinterpret this section, the master secret (which is derived from the premaster secret) is the critical part, for which a cryptographically secure random number should be used. The client and server random values should be unique to be used for the salt, so that pseudo random numbers should be good enough.

Therefore it is the client, which must create the premaster secret, that must provide cryptographically secure random numbers. (When using DH key exchange, both client and server need additional cryptographically strong random numbers for the DH algorithm.)

> Also can someone inform what PRNGs are used for generating these
> ClientHello.random and ServerHello.random and to what extent
> they are considered secure? Was there an attack in earlier versions
> of Openssl due to these PRNGs, I heard from somebody long ago something
> like this

It is said that early versions of Netscape (being a client) did not properly take care of the seeding of the PRNG.

With respect to OpenSSL: OpenSSL has its own PRNG to create random numbers when properly seeded. Seeding is done via /dev/urandom or EGD socket. Seeding is the job of the application, which knows far more about the environment it is running in.
If you search the openssl-* mailing lists for the terms "PRNG" and "seed" you will find more answers than you were looking for :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
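The key_block formula quoted from RFC 2246 above, carried through in working code as an added example (this is illustration code written for this page, not OpenSSL's implementation and not part of the original thread). It implements the TLS 1.0 PRF of RFC 2246 section 5 (P_MD5 of the first half of the secret XORed with P_SHA-1 of the second half), derives the master secret from the premaster secret, expands the key_block from server_random + client_random, and splits it into the six values of section 6.3. The premaster secret, client random and server random below are constructed sample bytes chosen for a reproducible run; in a real client the premaster secret would come from a cryptographically secure generator such as os.urandom, which is exactly the point made in the reply above, while the two random values only need to be unique per handshake. Note also that the seed order differs: the master secret uses client_random + server_random, the key_block uses server_random + client_random.

```python
"""TLS 1.0 PRF (RFC 2246 section 5) and key_block expansion (section 6.3).

Illustration code added for this page; not OpenSSL's implementation.
Sample inputs below are constructed, fixed bytes so the run is reproducible.
"""
import hmac
from typing import Dict


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) from RFC 2246, expanded to `length` bytes.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    P_hash = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_tls10(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed).

    S1 and S2 are the two halves of the secret; for an odd-length secret
    they overlap by one byte, as the RFC specifies.
    """
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 2246 section 8.1: 48-byte master secret. Seed order is client + server."""
    return prf_tls10(pre_master_secret, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, server_random: bytes, client_random: bytes, length: int) -> bytes:
    """RFC 2246 section 6.3: key_block. Seed order is server + client (the reverse)."""
    return prf_tls10(master, b"key expansion", server_random + client_random, length)


def partition_key_block(block: bytes, mac_size: int, key_size: int, iv_size: int) -> Dict[str, bytes]:
    """Split key_block into the six values of section 6.3, in the RFC's order."""
    layout = [("client_write_MAC_secret", mac_size), ("server_write_MAC_secret", mac_size),
              ("client_write_key", key_size), ("server_write_key", key_size),
              ("client_write_IV", iv_size), ("server_write_IV", iv_size)]
    if len(block) < sum(size for _, size in layout):
        raise ValueError("key_block too short for the requested partition")
    out, pos = {}, 0
    for name, size in layout:
        out[name] = block[pos:pos + size]
        pos += size
    return out


def derive_tls10_keys(pre_master_secret: bytes, client_random: bytes, server_random: bytes,
                      mac_size: int = 20, key_size: int = 16, iv_size: int = 16) -> Dict[str, bytes]:
    """Full chain premaster -> master -> key_block -> per-direction keys."""
    master = master_secret(pre_master_secret, client_random, server_random)
    needed = 2 * (mac_size + key_size + iv_size)
    return partition_key_block(key_block(master, server_random, client_random, needed),
                               mac_size, key_size, iv_size)


# Constructed sample values (NOT real handshake data). A real client must draw
# the 48-byte premaster secret from a CSPRNG, e.g. os.urandom(46) behind the
# two version bytes; the 32-byte randoms need only be unique per handshake.
SAMPLE_PRE_MASTER = b"\x03\x01" + bytes(range(46))
SAMPLE_CLIENT_RANDOM = bytes([0x11] * 32)
SAMPLE_SERVER_RANDOM = bytes([0x22] * 32)

if __name__ == "__main__":
    keys = derive_tls10_keys(SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:24s} {value.hex()}")
```

Running the script prints the six derived values for the constructed inputs; swapping only the server random changes every one of them, which is what "salt" means in the RFC text quoted above, while a predictable premaster secret would make all of them predictable regardless of how good the randoms are.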