3

I could not understand why in the Client hello and Server hello in SSL Handshake client needs to send to server (publicly) a random number and vice versa. From these numbers a Pre-Master secret will be generated and will be sent encrypted with server's public key. (As I see it, a random Pre-Master secret could have been generated from the beginning at client's side and be sent encrypted with server's public key)

Then, from this Pre-Master both can generate a new Master secret which will be the same in both sides.

Ok, maybe you will tell me that forward secrecy is the answer, but if man-in-the-middle records the session, he knows both random numbers, he knows the Pre-Master secret (let's say he figured out what is the server's private key), so he probably can generate the Master secret and decrypt all of the data.

So, what exactly are the purpose of these two random numbers? Why can't the client generate both 2 random numbers and send them to the server and one needs to be generated at client side while the other at server's side? Are those 2 numbers needs to be prime numbers or other thing?

S.L. Barth
  • 5,504
  • 8
  • 39
  • 47
Yaniv
  • 33
  • 1
  • 1
  • 3

1 Answers1

0

The Pre-Master Secret is derived from the above random numbers (except where Diffie-Hellman is used). It is then encrypted with the Server's Public Key and sent to the Server. the catch is, this encrypted message can ONLY be decrypted by the Server's private key. so if an attacker knows/has the server's private key(the golden key), then its all over already - don't even bother with the TLS.

More information on the random numbers can be found on: Why does the SSL/TLS handshake have a client and server random?

JOW
  • 2,317
  • 2
  • 17
  • 24
  • 1
    link was useful! – Yaniv Sep 01 '15 at 09:26
  • 1
    No, the master secret is derived from the pre-master secret and combining it with the client and server randoms. The pre-master secret is encrypted using the server's public key, except where Diffie-Hellman is used for Perfect Forward Secrecy. Here the public key is used to sign the public values. – SilverlightFox Sep 02 '15 at 08:37
  • I've edited it now @SilverlightFox. thanks for pointing it out – JOW Sep 02 '15 at 08:50