Aravinda babu wrote:
> During SSL/TLS handshake, a pre master secret is sent from client to the
> server by encrypting pre master secret with server's public key.
> From that both client and server derive master secret and finally one
> symmetric key. My doubt is, why both cannot use pre master secret itself
> as a symmetric key?
The minor reasons:

1) The scheme used to identify the server may not support encrypting data large enough to be used as the symmetric key.

2) The client's random number generation may not be sufficiently secure, so having the server participate in generating the symmetric key provides greater protection from passive attacks.

3) Using this approach, you would need a phase where the server proves it can decrypt the symmetric key anyway.

The major reason: If you did that, you would have no protection against replay attacks. Nothing would stop an attacker from intercepting the SSL session and playing it back to the server. Consider a secure web application that receives commands from a command center to disarm the safe alarm every business morning and then one to arm it every day at close of business. If an attacker intercepts the "disarm the safe" session, he could play it back any time he wanted and disarm the safe alarm at 2AM on a Sunday morning.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
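The replay argument above can be made concrete with the key derivation TLS 1.2 actually uses. The following is an added example, not code from either poster nor from OpenSSL: it implements the RFC 5246 PRF (P_SHA256), derives the master secret from the pre-master secret plus both hello randoms, and then walks through the reply's "disarm the safe" scenario twice, once with the TLS-style derivation and once with the naive scheme in which the pre-master secret is used directly as the key. Assumptions made for brevity: the RSA encryption of the pre-master secret is omitted (the server ends up with the same bytes either way, which is all the replay needs), the cipher suite is abstracted to a single HMAC tag per record instead of a real record layer, and only two 16-byte write keys are carved out of the key block.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: expand `secret` over `seed` to `length` bytes.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random), 48 bytes."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Derive write keys from the key block.

    Key expansion is seeded with ServerHello.random + ClientHello.random (reversed order).
    Simplification (assumption): only two 16-byte keys are taken; a real suite also needs MAC keys/IVs.
    """
    ms = master_secret(pre_master, client_random, server_random)
    kb = prf(ms, b"key expansion", server_random + client_random, 32)
    return {"master_secret": ms, "client_write_key": kb[:16], "server_write_key": kb[16:32]}


def protect(key: bytes, record: bytes) -> bytes:
    """Stand-in for record protection (assumption): an HMAC tag over the plaintext."""
    return hmac.new(key, record, hashlib.sha256).digest()


def replay_scenario(pre_master: bytes, client_random: bytes,
                    server_random_1: bytes, server_random_2: bytes) -> dict:
    """Session 1: the genuine client handshakes and sends a protected command.

    Replay: the attacker resends the captured ClientHello.random, the captured (encrypted)
    pre-master secret and the captured record. The server recovers the same pre-master secret
    but draws a fresh ServerHello.random, so the TLS-style keys differ and the record fails.
    In the naive scheme (key = pre-master secret) nothing the server contributes enters the key,
    so the captured record verifies again.
    """
    command = b"disarm the safe alarm"  # constructed sample record

    keys_1 = session_keys(pre_master, client_random, server_random_1)
    captured_tag = protect(keys_1["client_write_key"], command)

    keys_2 = session_keys(pre_master, client_random, server_random_2)
    tls_replay_accepted = hmac.compare_digest(
        captured_tag, protect(keys_2["client_write_key"], command))

    naive_captured_tag = protect(pre_master, command)
    naive_replay_accepted = hmac.compare_digest(naive_captured_tag, protect(pre_master, command))

    return {
        "tls_replay_accepted": tls_replay_accepted,
        "naive_replay_accepted": naive_replay_accepted,
        "master_secrets_differ": keys_1["master_secret"] != keys_2["master_secret"],
    }


if __name__ == "__main__":
    pms = os.urandom(48)  # TLS 1.2 puts the client version in the first 2 bytes; irrelevant here
    cr, sr1, sr2 = os.urandom(32), os.urandom(32), os.urandom(32)
    print(replay_scenario(pms, cr, sr1, sr2))
```

The server's fresh random is what defeats the replay: the attacker can reproduce every byte the client sent, but not the ServerHello.random that the new session mixes into the master secret, so the replayed record no longer verifies. TLS 1.3 goes further (RSA key transport is gone, keys come from an ephemeral (EC)DHE exchange through HKDF), but the reason for mixing both sides' contributions into the keys is the same one DS gives above.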