Derive the Master Secret


Following the ClientKeyExchange both sides now know the 48 byte (256 bit) Premaster Secret

Now the user-agent and Server can generate the Master Secret independently as Per the specification by using:

master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)

Where The Premaster Secret is the value from the User-agent sent earlier. The Master Secret is simply a concatenation of:

The TLS Pseudorandom function combines the data we give it by using the keyed-Hash Message Authentication Code (HMAC) versions of both MD5 and SHA-1 hash Functions. Half of the input is sent to each hash function. This is clever because it is quite resistant to attack, even in the face of Cryptographically Weak hash Functions for MD5 and SHA-1. This process can feedback on itself and iterate forever to generate as many bytes as we need.

Cryptographically Weak#

There have been several Exploits against SSL-TLS and often they are a result of Cryptographically Weak Pseudorandom generators functions.

More Information#

There might be more information for this subject on one of the following: