From: Nico Williams <[email protected]>

>On Mon, Mar 16, 2026 at 02:17:31PM +0000, Ben Schwartz wrote:
>> I don't understand this.  All secrets derived from ECDH also depend on
>> the (hashed) handshake transcript, including the randoms, so the
>> resulting shared secrets will never be duplicated between connections.
>> What am I missing?

> You're right that there is enough entropy with the small nonces (which have
> to be kept small), though not in the rest of the handshake.

The client and server random both have 32 bytes of entropy (or 24 in TLS 1.2).  
Is that the "small nonce" you're referring to?  32 bytes (or even 24) sounds 
like plenty to me.

--Ben Schwartz
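
The dependence on the transcript discussed in this message can be seen in the TLS 1.3 key schedule (RFC 8446, section 7.1). The following is an added example, not part of the original message: it assumes a SHA-256 cipher suite and no PSK, the function names are hypothetical, and `toy_transcript` is a constructed stand-in for the real ClientHello..ServerHello bytes. It derives the client handshake traffic secret twice from the same ECDH output with different server randoms.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256 cipher suites

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel (RFC 8446 7.1): uint16 length, "tls13 "-prefixed label, context
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    # The transcript enters every derived secret through this hash
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)

def early_secret() -> bytes:
    # Assumption: no PSK, so salt and IKM are both HashLen zero bytes
    return hkdf_extract(bytes(HASH_LEN), bytes(HASH_LEN))

def client_hs_traffic_secret(ecdhe: bytes, transcript: bytes) -> bytes:
    derived = derive_secret(early_secret(), b"derived", b"")
    handshake_secret = hkdf_extract(derived, ecdhe)
    return derive_secret(handshake_secret, b"c hs traffic", transcript)

def toy_transcript(client_random: bytes, server_random: bytes) -> bytes:
    # Constructed stand-in for ClientHello..ServerHello, not real TLS encoding
    return b"ClientHello|" + client_random + b"|ServerHello|" + server_random

if __name__ == "__main__":
    ecdhe = bytes([0x11]) * 32   # constructed: same ECDH output in both runs
    cr = bytes([0xAA]) * 32      # constructed: same client random in both runs
    s1 = client_hs_traffic_secret(ecdhe, toy_transcript(cr, bytes([0x01]) * 32))
    s2 = client_hs_traffic_secret(ecdhe, toy_transcript(cr, bytes([0x02]) * 32))
    print(s1.hex(), s2.hex(), "distinct:", s1 != s2, sep="\n")
```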