
I was doing an exam and answered "true" to this question, but the autograder said it was false:

TLS derives a session key from the agreed master secret. That key is then used during the TLS session for encryption and authentication of the session data

Is this an error, or is it really false?

schroeder
hihihaha
  • Maybe the reason that the correct answer is false is that TLS does not derive *a* session key from the master secret - TLS derives *many* session keys. The client and the server each have separate keys that are used for encryption and authentication. – mti2935 Nov 10 '20 at 02:33
  • See https://security.stackexchange.com/questions/99537/mastersecret-expansion-into-keys and, as linked there, https://crypto.stackexchange.com/questions/1139/what-is-the-purpose-of-four-different-secrets-shared-by-client-and-server-in-ssl (although that predates TLS 1.3 and thus does not cover it). – dave_thompson_085 Nov 11 '20 at 03:02

1 Answer

TLS derives a session key from the agreed master secret. That key is then used during the TLS session for encryption and authentication of the session data

It is not true that "... a [single] session key ... for encryption and authentication ..." gets derived.

While the exact details differ between TLS versions, in general different keys are derived for the client and for the server. Up to TLS 1.2, separate keys were also derived for encryption and for authentication. With TLS 1.3 only the encryption key is needed, since all ciphers use authenticated encryption.

For the details see for example RFC 5246 (TLS 1.2) section 6.3 or RFC 8446 (TLS 1.3) section 7.3.

Steffen Ullrich
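To make the "many keys, not one" point concrete, here is an added example (not part of the answer above, and not code from any TLS library) that implements the two derivations the answer references: the TLS 1.2 key block expansion of RFC 5246 section 6.3 (PRF with P_SHA256, split into client/server MAC keys, encryption keys and fixed IVs) and the TLS 1.3 traffic key calculation of RFC 8446 section 7.3 (HKDF-Expand-Label for "key" and "iv" from a per-direction traffic secret). The master secret, randoms and traffic secrets are constructed filler values, not captured from a real handshake. The cipher-suite length parameters are taken from the RFCs: TLS_RSA_WITH_AES_128_CBC_SHA256 uses a 32-byte MAC key, a 16-byte encryption key and no fixed IV (the CBC IV is explicit in TLS 1.2); TLS_RSA_WITH_AES_128_GCM_SHA256 uses no MAC key, a 16-byte key and a 4-byte fixed IV (RFC 5288); TLS 1.3 AES-128-GCM uses a 16-byte key and a 12-byte IV.

```python
import hashlib
import hmac
import struct
from typing import Dict

# Constructed sample inputs (NOT real handshake values).
MASTER_SECRET = bytes(range(48))            # TLS 1.2 master secret is always 48 bytes
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
CLIENT_TRAFFIC_SECRET = hashlib.sha256(b"constructed client traffic secret").digest()
SERVER_TRAFFIC_SECRET = hashlib.sha256(b"constructed server traffic secret").digest()


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5246 section 5 P_hash: A(0)=seed, A(i)=HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ... truncated to length."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def tls12_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                    mac_key_len: int, enc_key_len: int, fixed_iv_len: int) -> Dict[str, bytes]:
    """RFC 5246 section 6.3: one key_block, partitioned into six per-direction keys.
    Note the seed order: server_random first, then client_random."""
    total = 2 * (mac_key_len + enc_key_len + fixed_iv_len)
    block = tls12_prf(master_secret, b"key expansion", server_random + client_random, total)
    layout = [("client_write_MAC_key", mac_key_len), ("server_write_MAC_key", mac_key_len),
              ("client_write_key", enc_key_len), ("server_write_key", enc_key_len),
              ("client_write_IV", fixed_iv_len), ("server_write_IV", fixed_iv_len)]
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(prk, T(i-1) || info || i), T(0) = empty."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        out += t
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HKDF-Expand-Label with the HkdfLabel struct:
    uint16 length, opaque label<7..255> = "tls13 " + label, opaque context<0..255>."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack(">H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def tls13_traffic_keys(traffic_secret: bytes, key_len: int = 16, iv_len: int = 12) -> Dict[str, bytes]:
    """RFC 8446 section 7.3: [sender]_write_key and [sender]_write_iv from one traffic secret.
    There is no MAC key: the AEAD cipher provides authentication."""
    return {"key": hkdf_expand_label(traffic_secret, b"key", b"", key_len),
            "iv": hkdf_expand_label(traffic_secret, b"iv", b"", iv_len)}


if __name__ == "__main__":
    print("TLS 1.2 AES_128_CBC_SHA256 (separate MAC and encryption keys per direction):")
    for name, value in tls12_key_block(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, 32, 16, 0).items():
        print(f"  {name:22s} {value.hex()}")
    print("TLS 1.2 AES_128_GCM_SHA256 (AEAD: no MAC keys, 4-byte fixed IVs):")
    for name, value in tls12_key_block(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, 0, 16, 4).items():
        print(f"  {name:22s} {value.hex()}")
    print("TLS 1.3 AES_128_GCM (key + iv per direction, from separate traffic secrets):")
    for side, secret in (("client", CLIENT_TRAFFIC_SECRET), ("server", SERVER_TRAFFIC_SECRET)):
        for name, value in tls13_traffic_keys(secret).items():
            print(f"  {side}_write_{name:4s} {value.hex()}")
```

Running it shows why the exam statement is false under both versions: TLS 1.2 produces up to six distinct values from one master secret (and the CBC-HMAC suite has four genuinely different keys, two for encryption and two for MAC, with client and server never sharing one), while TLS 1.3 does not even expand a single master secret directly but derives an independent key and IV for each direction from separate traffic secrets.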