7

During the TLS handshake, there are random bytes sent from the server to the client and random bytes sent from the client to the server.

Since these bytes are sent in clear text, what is the relevance of them being random? I thought randomness was mostly about lowering the likelihood that these numbers could be guessed. If they are passed around in clear text, what's the importance of the randomness?

Also, what exactly are these random bytes used for?

Raoul722
Minaj
  • I believe they are intended to "nonceify" the exchange, and make it unique in the event of a timestamp repeat – Richie Frame Jul 29 '16 at 04:07
  • Mustn't nonces be protected from eavesdropping? Don't nonces have to be confidential? – Minaj Jul 29 '16 at 04:28
  • @Minaj, no. – otus Jul 29 '16 at 06:47
  • I thought these random bytes are used to generate the pre-master secret; which means if I get them, I could guess the pre-master secret – Minaj Jul 29 '16 at 07:06
  • Their primary role is to guarantee freshness of the handshake, e.g. guarantee that neither party is just replaying some old recording of a handshake (which they may not even have performed themselves). – SEJPM Jul 29 '16 at 09:09
  • The premaster secret is, as its name says, secret, and separate from the nonces. The premaster secret and the two nonces are input to the PRF to produce the master secret, and the master secret and the two nonces similarly produce the working key material. See RFC 5246 sections 8.1, 6.3 and 5. If you want to learn about the premaster secret, it depends on the key-exchange method(s) used, which you didn't identify. – dave_thompson_085 Jul 29 '16 at 09:32
  • Note that the generation of ephemeral key pairs for key exchange also requires random numbers, as does RSA encryption. PS: could somebody please write an actual answer please? – Maarten Bodewes Jul 29 '16 at 15:35
  • @dave_thompson_085 I was talking about RSA-based key exchange. Does Diffie-Hellman also use the same inputs? -- I mean random bytes, pre-master secret – Minaj Jul 29 '16 at 20:22
  • @MaartenBodewes Thanks for urging the pros to give an answer – Minaj Jul 29 '16 at 21:03

1 Answer

8

Since these bytes are sent in clear text, what is the relevance of them being random?

They are a guarantee that the other party with whom you wish to communicate is actually interactively there and you're not just seeing a recorded session that is being replayed to you, potentially impersonating somebody else.
The randomness helps in this to prevent attackers from simulating a bunch of sessions beforehand and then picking the relevant one for you.

Also, what exactly are these random bytes used for?

Their actual usage is limited to being additional input to the key based key derivation function that transforms the pre-master secret into the master secret (section 8.1 RFC 5246).

SEJPM
  • Thanks, I have also found some extra details here: http://security.stackexchange.com/questions/3664/ssl-replay-attack-when-client-server-random-is-missing?rq=1 – Minaj Jul 31 '16 at 07:48
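
The derivation cited in the answer and in the comments (RFC 5246 sections 5, 6.3 and 8.1), as an added example that is not part of the original posts. It assumes a TLS 1.2 cipher suite whose PRF hash is SHA-256; the pre-master secret and random values are constructed sample inputs, and `replay_changes_keys` is a hypothetical helper showing that a replayed client side meets a different master secret once the server picks a fresh random.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Section 8.1: the public randoms are mixed in as the PRF seed."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """Section 6.3: same PRF, but the server random comes first in the seed."""
    return prf(master, b"key expansion", server_random + client_random, length)


# Constructed sample inputs (not from a real session).
PRE_MASTER = b"\x03\x03" + bytes(46)   # RSA-style: version bytes + 46 bytes
CLIENT_RANDOM = bytes(range(32))       # stands in for a recorded ClientHello.random


def replay_changes_keys(recorded_server_random: bytes, fresh_server_random: bytes) -> bool:
    """Same pre-master and client random, different server random: do the keys differ?"""
    ms_old = master_secret(PRE_MASTER, CLIENT_RANDOM, recorded_server_random)
    ms_new = master_secret(PRE_MASTER, CLIENT_RANDOM, fresh_server_random)
    kb_old = key_block(ms_old, CLIENT_RANDOM, recorded_server_random, 104)
    kb_new = key_block(ms_new, CLIENT_RANDOM, fresh_server_random, 104)
    return ms_old != ms_new and kb_old != kb_new


if __name__ == "__main__":
    recorded, fresh = os.urandom(32), os.urandom(32)
    print("keys differ after server picks a fresh random:",
          replay_changes_keys(recorded, fresh))
```

The randoms need no secrecy for this to work: an observer who knows both still cannot compute the master secret without the pre-master secret, while a party replaying recorded messages cannot make the old keys match the new seed.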