Discussion:
Pre Master Secret Regarding
Aravinda babu
2010-04-03 12:38:46 UTC
Hi all,


During SSL/TLS handshake, a pre master secret is sent from client to the
server by encrypting pre master secret with server's public key. From that
both client and server derive master secret and finally one symmetric key. My
doubt is, why both cannot use pre master secret itself as a symmetric key?

Thanks in advance,

Aravind.
David Schwartz
2010-04-03 22:34:33 UTC
Post by Aravinda babu
During SSL/TLS handshake, a pre master secret is sent from client to the
server by encrypting pre master secret with server's public key.
From that both client and server derive master secret and finally one
symmetric key. My doubt is, why both cannot use pre master secret itself
as a symmetric key?
The minor reasons:

1) The scheme used to identify the server may not support encrypting data
large enough to be used as the symmetric key.

2) The client's random number generation may not be sufficiently secure, so
having the server participate in generating the symmetric key provides
greater protection from passive attacks.

3) Using this approach, you would need a phase where the server proves it
can decrypt the symmetric key anyway.

The major reason:

If you did that, you would have no protection against replay attacks.
Nothing would stop an attacker from intercepting the SSL session and playing
it back to the server. Consider a secure web application that receives
commands from a command center to disarm the safe alarm every business
morning and then one to arm it every day at close of business. If an
attacker intercepts the "disarm the safe" session, he could play it back any
time he wanted and disarm the safe alarm at 2AM on a Sunday morning.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Bob Bell (rtbell)
2010-04-05 16:14:14 UTC
Aravind

Actually, there is more than one key that is derived from the pre-master key. There are both encryption and HMAC keys for both transmission and reception. That translates to 4 separate keys.

Bob



From: owner-openssl-users-MCmKBN63+***@public.gmane.org [mailto:owner-openssl-***@openssl.org] On Behalf Of Aravinda babu
Sent: Saturday, April 03, 2010 6:39 AM
To: openssl-users-MCmKBN63+***@public.gmane.org
Cc: openssl-dev-MCmKBN63+***@public.gmane.org
Subject: Pre Master Secret Regarding



Hi all,


During SSL/TLS handshake, a pre master secret is sent from client to the server by encrypting pre master secret with server's public key. From that both client and server derive master secret and finally one symmetric key. My doubt is, why both cannot use pre master secret itself as a symmetric key?

Thanks in advance,

Aravind.
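
Added example, not part of the original thread or of OpenSSL's code: a sketch of the derivation the two replies above describe, showing the server's random value entering the master secret and the key block being cut into the 4 keys. It assumes the TLS 1.2 PRF with SHA-256 (RFC 5246) and key sizes for an AES-128-CBC suite with HMAC-SHA1; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 (RFC 5246, section 5): chained HMAC output, truncated to length."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)

def derive_keys(pre_master, client_random, server_random, mac_len=20, key_len=16):
    """Pre-master secret -> 48-byte master secret -> key block -> 4 keys."""
    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    # Note the swapped order of the two randoms for key expansion.
    block = prf(master, b"key expansion",
                server_random + client_random, 2 * mac_len + 2 * key_len)
    names = ("client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values (not from any real handshake).
PRE_MASTER = bytes([3, 3]) + bytes(range(46))   # 2-byte version + 46 bytes
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM_1 = b"\x22" * 32                  # original session
SERVER_RANDOM_2 = b"\x33" * 32                  # server's fresh value later

def replay_changes_keys() -> bool:
    """Same client messages, new server random: every key must differ."""
    first = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_1)
    replay = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_2)
    return all(first[name] != replay[name] for name in first)

if __name__ == "__main__":
    for name, key in derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_1).items():
        print(f"{name:22s} {key.hex()}")
    print("keys differ when the server random changes:", replay_changes_keys())
```

Records captured from the first session are encrypted and MACed under keys the server no longer derives once it picks a new random, so they fail verification if played back.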
Eduardo Ruiz
2010-04-05 18:50:10 UTC
Is there anyone working with symmetric algorithms on the Cell platform? I
want suggestions to work with AES, taking advantage of the IBM Cell SPUs.

Thanks in advance
