3

I've been learning TLS. During the Client and Server Hello, their random values are shared. The client generates a 28-byte random and combines it with 4 bytes of epoch time to generate a 32-byte random token. How do they compute these random values?

Do they simply call the system random generators such as /dev/random, or is there some other function in the browser to do this? What about the server random?

Anonymous Platypus

1 Answer

7

The source is not specified in the standard, making it implementation-dependent.

According to RFC 5246 § 7.4.1.2 for TLS 1.2, randomness is only described as:

28 bytes generated by a secure random number generator.

This means it will be entirely implementation-dependent. Any function that produces secure random data can be used. For many modern browsers, the implementation involves requesting a random seed from the operating system (for example, using /dev/urandom on Linux), and then using that to power an in-process cryptographically secure random number generator.

What actually constitutes "secure random numbers" is specified in BCP 106, a document that provides advice for generating random numbers, the source of the random numbers, how to test the random numbers, etc. This is meant merely as a declaration of best practices and is not mandatory. However, common operating systems tend to follow these practices when collecting random numbers that are exported to userspace applications, such as web browsers.

forest
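The 32-byte Random discussed above (4 bytes of epoch time plus 28 bytes from a secure random number generator), as an added example that is not part of the original question or answer: it builds the value, places it in a hello message, and reads it back at its fixed offset. Python's `os.urandom` is assumed as the secure generator, and the function names and the minimal ClientHello are constructed for illustration.

```python
import os
import struct
import time

def make_tls12_random(now=None):
    """32-byte Random: uint32 gmt_unix_time followed by 28 random bytes."""
    ts = int(time.time() if now is None else now) & 0xFFFFFFFF
    # os.urandom draws from the operating system's CSPRNG; it stands in
    # here for the RFC's "secure random number generator" (assumption).
    return struct.pack("!I", ts) + os.urandom(28)

def build_client_hello(random32):
    """Constructed sample: minimal TLS 1.2 ClientHello record, no extensions."""
    body = (b"\x03\x03"             # client_version: TLS 1.2
            + random32              # Random (32 bytes)
            + b"\x00"               # session_id: empty
            + b"\x00\x02\xc0\x2f"   # cipher_suites: 2 bytes, one suite
            + b"\x01\x00")          # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_random(record):
    """Return (gmt_unix_time, random_bytes) from a ClientHello/ServerHello record."""
    # 5-byte record header + 4-byte handshake header + 2-byte version + Random
    if len(record) < 5 + 4 + 2 + 32:
        raise ValueError("record too short to hold a Random")
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    if record[5] not in (0x01, 0x02):
        raise ValueError("not a ClientHello or ServerHello")
    if int.from_bytes(record[6:9], "big") < 2 + 32:
        raise ValueError("handshake body shorter than version + Random")
    rnd = record[11:43]
    return struct.unpack("!I", rnd[:4])[0], rnd[4:]

if __name__ == "__main__":
    hello = build_client_hello(make_tls12_random())
    ts, rand28 = extract_random(hello)
    print("gmt_unix_time:", ts)
    print("random_bytes :", rand28.hex())
```

The ServerHello carries its Random at the same offset, so `extract_random` reads the server random the same way.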