RE: Pre Master Secret Regarding
Aravind,

Actually, there is more than one key that is derived from the pre-master key. There are both encryption and HMAC keys for both transmission and reception. That translates to 4 separate keys.

Bob

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Aravinda babu
Sent: Saturday, April 03, 2010 6:39 AM
To: openssl-users@openssl.org
Cc: openssl-...@openssl.org
Subject: Pre Master Secret Regarding

Hi all,

During the SSL/TLS handshake, a pre-master secret is sent from the client to the server by encrypting the pre-master secret with the server's public key. From that, both client and server derive the master secret and finally one symmetric key. My doubt is, why can't both use the pre-master secret itself as a symmetric key?

Thanks in advance,
Aravind.
RE: Pre Master Secret Regarding
Aravinda babu wrote:
> During the SSL/TLS handshake, a pre-master secret is sent from the client to the
> server by encrypting the pre-master secret with the server's public key.
> From that, both client and server derive the master secret and finally one
> symmetric key. My doubt is, why can't both use the pre-master secret itself
> as a symmetric key?

The minor reasons:

1) The scheme used to identify the server may not support encrypting data large enough to be used as the symmetric key.

2) The client's random number generation may not be sufficiently secure, so having the server participate in generating the symmetric key provides greater protection from passive attacks.

3) Using this approach, you would need a phase where the server proves it can decrypt the symmetric key anyway.

The major reason: If you did that, you would have no protection against replay attacks. Nothing would stop an attacker from intercepting the SSL session and playing it back to the server.

Consider a secure web application that receives commands from a command center to disarm the safe alarm every business morning and then one to arm it every day at close of business. If an attacker intercepts the "disarm the safe" session, he could play it back any time he wanted and disarm the safe alarm at 2AM on a Sunday morning.

DS
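To illustrate both replies (the several keys derived from one pre-master secret, and why mixing in the server's random defeats replay), here is an added example that is not part of the thread or of OpenSSL: it implements the TLS 1.2 PRF from RFC 5246 with HMAC-SHA256, derives the master secret and expands the key block into per-direction MAC keys, encryption keys and IVs, and checks whether a replayed pre-master secret against a fresh ServerHello.random yields the same record keys. The pre-master secret, client random and server randoms are constructed sample values, and the key sizes assume AES-128-CBC with HMAC-SHA256.

```python
import hmac
import hashlib

# TLS 1.2 PRF (RFC 5246, section 5): P_SHA256 expansion of a secret over a seed.
def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16, iv_len: int = 16) -> dict:
    # key_block = PRF(master_secret, "key expansion", ServerHello.random + ClientHello.random),
    # partitioned in the fixed RFC order. Sizes assume AES-128-CBC with HMAC-SHA256.
    order = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    blk = prf(master, b"key expansion", server_random + client_random, sum(n for _, n in order))
    keys, pos = {}, 0
    for name, n in order:
        keys[name], pos = blk[pos:pos + n], pos + n
    return keys

def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    return key_block(master_secret(pre_master, client_random, server_random), client_random, server_random)

# Constructed sample values (not real handshake data): a recorded pre-master secret and client random
# replayed against a server that chose a fresh ServerHello.random.
PRE_MASTER = b"\x03\x03" + bytes(range(46))          # 48-byte RSA pre-master: version + 46 random bytes
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM_ORIGINAL = bytes([0x22] * 32)
SERVER_RANDOM_REPLAY = bytes([0x33] * 32)

def replay_reuses_keys() -> bool:
    """True if a replayed ClientHello/ClientKeyExchange would yield the same record keys."""
    first = session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_ORIGINAL)
    again = session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_REPLAY)
    return first == again

if __name__ == "__main__":
    print({n: k.hex() for n, k in session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_ORIGINAL).items()})
    print("replay reuses keys:", replay_reuses_keys())
```

Because the server's fresh random enters both derivation steps, a replayed pre-master secret produces different keys, so the recorded records cannot be decrypted or authenticated by the new session.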