NimbostratusPlease clear below questions?
Pre-master key derived from already shared random numbers through initial handshake process. Is it correct? How master key is generating from pre-master key on both server and client individually? How session key is generating from master key on both server and client individually?
EmployeeI would direct your attention to RFC5246 regarding how the master secret is created.
https://tools.ietf.org/html/rfc5246section-8.1
NimbostratusHi Kevin, Thanks for the RFC. Checked below
Computing the Master Secret For all key exchange methods, the same algorithm is used to convert the pre_master_secret into the master_secret. The pre_master_secret should be deleted from memory once the master_secret has been computed.
master_secret = PRF(pre_master_secret, "master secret",
ClientHello.random + ServerHello.random)
[0..47];
I could not understand above formula. It is included master secret also then 0..47? Is there for better understanding?
Employee[0..47] means "The master secret is always exactly 48 bytes in length. The length of the premaster secret will vary depending on key exchange method."
Also read sections 9.1.1 and 9.1.2 in the aforementioned RFC for more information on RSA and DH master secret creation. Take a look at this site for another explanation of PRF: https://www.cryptologie.net/article/340/tls-pre-master-secrets-and-master-secrets/
NimbostratusEmployeeI'm struggling to understand what "PRN" means in your question. Pseudo-Random Number?
If you meant PRF, that's a function and not a value. In any case, let's look at this from the perspective of the key exchange method.
If we're talking about DH, the client and server random numbers are transmitted in the clear and serve as seeds in the PRF, and the PMS is derived from the DH algorithm as (g^ab mod p). The 'a' in this case is the client's secret number. Having access to the client's random number isn't enough. You'd also have to have access to the client's secret number, and that isn't transmitted across the wire.
If you're talking about RSA, the client and server still send random numbers in the clear, but this time the PMS is some secret value that the client creates, encrypts with the server's public key, and sends to the server. So in the case, if you had access to the server's private key and could sit in the middle and collect the random numbers and encrypted PMS, you'd have everything you need to create the master secret. This is the basis of pretty much all SSL man-in-the-middle technologies, and is the opposite of perfect forward secrecy, and a big reason for the RSA key agreement not being included in the upcoming TLSv1.3.