As far as I understood, when using Diffie-Hellman, the pre master secret is generated as follows:

  • Alice and Bob agree on a generator g and a prime p
  • Alice chooses a primary key a, calculates A = g^a mod p and sends the result to Bob
  • Bob chooses a primary key b, calculates k = A^b mod p and receives the pre master secret as a result k

However, if I do that with, say, a 4096 bit p, k also has 4096 bits, which seems too large, especially because if I want to hand it over to Wireshark in an SSLKEYLOGFILE, Wireshark truncates the line after 512 bytes, not reading the whole secret. Is my train of thought correct or is the pre master secret something else?

Lukor
  • 512 bytes are 4096 bits, so nothing gets truncated. Also, the master secret is (something) mod 4096, so your bitness is fixed to 4096. – Tobi Nary Nov 15 '17 at 19:06
  • @SmokeDispenser since the values are entered as hexadecimal numbers, 4096 bits become 1024 hexadecimal places, which is more than 512 – Lukor Nov 15 '17 at 19:09
  • Does this link from the Wireshark docs help? https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350 – Tobi Nary Nov 15 '17 at 19:13
  • @SmokeDispenser that is exactly what I was trying, I wrote an sslkeylog file containing the line `RSA Session-ID:...sessionid... Master-Key:...the 1024 character hex string...`; wireshark then logged `checking keylog line: RSA Session-ID...` (first 512 bytes) -> `matched session_id`; `checking keylog line:...` (next 512 bytes) -> `unrecognized line` – Lukor Nov 15 '17 at 19:28
  • @SmokeDispenser: in TLS1.0-2 (and SSL3 cough spit) the master secret is always 48 bytes (384 bits) but the _premaster_ secret varies with different key exchange methods and parameters. But OP: according to #35639 'RSA Session-ID' should take master not premaster, and only 'PMS_CLIENT_RANDOM' should take premaster. – dave_thompson_085 Nov 15 '17 at 21:27
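
The distinction raised in the last comment, as an added example that is not part of the original question or comments: the DH premaster secret is as long as p, while the master secret derived from it is always 48 bytes. Assumptions: TLS 1.2 with the SHA-256 PRF from RFC 5246 and no extended master secret, a constructed 521-bit toy prime standing in for the 4096-bit p, hypothetical helper names, and a `PMS_CLIENT_RANDOM <client_random> <premaster>` line layout.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash with HMAC-SHA256 (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def dh_premaster(peer_public: int, private: int, p: int) -> bytes:
    """Shared value Z = peer_public^private mod p, leading zero bytes stripped
    (RFC 5246, section 8.1.2). Its length follows the size of p."""
    z = pow(peer_public, private, p)
    return z.to_bytes(max(1, (z.bit_length() + 7) // 8), "big")

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """PRF(premaster, "master secret", client_random + server_random)[0..47]."""
    return p_sha256(premaster, b"master secret" + client_random + server_random, 48)

def keylog_lines(session_id, client_random, premaster, master):
    """The two key log line types named in the comments above."""
    return (f"RSA Session-ID:{session_id.hex()} Master-Key:{master.hex()}",
            f"PMS_CLIENT_RANDOM {client_random.hex()} {premaster.hex()}")

# Constructed demo values (not from a real handshake; toy group, not for real use).
P = 2**521 - 1                     # 521-bit prime, stands in for the 4096-bit p
G = 3
A_PRIV = int.from_bytes(hashlib.sha256(b"alice").digest(), "big")
B_PRIV = int.from_bytes(hashlib.sha256(b"bob").digest(), "big")
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
SESSION_ID = bytes(range(64, 96))

def demo():
    a_pub, b_pub = pow(G, A_PRIV, P), pow(G, B_PRIV, P)
    pms = dh_premaster(b_pub, A_PRIV, P)              # client side
    assert pms == dh_premaster(a_pub, B_PRIV, P)      # server side agrees
    ms = master_secret(pms, CLIENT_RANDOM, SERVER_RANDOM)
    return pms, ms, keylog_lines(SESSION_ID, CLIENT_RANDOM, pms, ms)

if __name__ == "__main__":
    pms, ms, lines = demo()
    print(len(pms), "byte premaster ->", len(ms), "byte master")
    print(*lines, sep="\n")
```

With a 4096-bit p the premaster grows to as much as 512 bytes (1024 hex characters), but the `Master-Key` field stays at 96 hex characters.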

0 Answers