As I read the SSL3 specs, I gather that random bytes from the client (generated as part of Client Hello) are combined with the client-generated pre-master secret and random bytes from the server (generated at the Server Hello) to yield the master secret.

I'm curious as to the rationale for using randomly generated bytes -- particularly in the need to use random bytes from both parties. It would seem, for instance, that the client is already contributing random data in the form of the pre-master secret (i.e., the data which is encrypted with the public key and sent to the server).

Can someone offer some perspectives on this design feature?

TIA

Harry

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
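An added example, not part of the original message and not OpenSSL code: the SSL 3.0 master secret derivation the question describes, written with Python's `hashlib`. It shows that the output changes when either hello random changes, even with the pre-master secret held fixed. All byte values and the `demo` helper are constructed for illustration.

```python
import hashlib


def ssl3_master_secret(pre_master: bytes, client_random: bytes,
                       server_random: bytes) -> bytes:
    """SSL 3.0 master secret (48 bytes).

    Three blocks of MD5(pre_master || SHA1(label || pre_master ||
    ClientHello.random || ServerHello.random)) with labels 'A', 'BB', 'CCC'.
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms are 32 bytes each")
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(
            label + pre_master + client_random + server_random
        ).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


def demo() -> dict:
    # Constructed sample values (fixed so the run is reproducible).
    # RSA pre-master secret: 2-byte client version (3.0) + 46 bytes.
    pre_master = b"\x03\x00" + bytes(range(46))
    client_random = bytes([0x11]) * 32
    server_random_1 = bytes([0x22]) * 32
    server_random_2 = bytes([0x33]) * 32   # same client input, new server value
    client_random_2 = bytes([0x44]) * 32

    base = ssl3_master_secret(pre_master, client_random, server_random_1)
    return {
        "length": len(base),
        # Identical inputs on both sides give both sides the same secret.
        "deterministic": base == ssl3_master_secret(
            pre_master, client_random, server_random_1),
        # Same client random and pre-master secret, different server random.
        "server_random_matters": base != ssl3_master_secret(
            pre_master, client_random, server_random_2),
        # Same pre-master secret and server random, different client random.
        "client_random_matters": base != ssl3_master_secret(
            pre_master, client_random_2, server_random_1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
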