Premaster Secret


The Premaster Secret is a value is:

Before the ClientKeyExchange, anyone listening in on the traffic can know all of this as well (as we saw in the Wireshark captures).

Now we need to create a random secret key that an eavesdropper or attacker cannot figure out.

The user-agent generates the 48-byte Premaster Secret by concatenating the protocol version, which must match the value sent previously in the ClientHello message, and 46 bytes that the user-agent generates randomly. The user-agent is supposed to get these 46 bytes from a cryptographically secure pseudorandom number generator.

The 46-byte random value generated for the Premaster Secret is not used directly, but it is very important to keep it secret since a lot of things are derived from it.

The length of the entire Premaster Secret will vary depending on the key exchange method.
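An added example, not part of the original page: the 48-byte construction described above for RSA key exchange, together with the server-side handling and master-secret derivation from RFC 5246 (TLS 1.2), which goes beyond what the text covers. The function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TLS12 = (3, 3)  # ClientHello.client_version for TLS 1.2 (assumed here)

def make_premaster(client_version=TLS12):
    """Client side: 2 version bytes + 46 bytes from the OS CSPRNG."""
    return bytes(client_version) + secrets.token_bytes(46)

def accept_premaster(decrypted, client_hello_version=TLS12):
    """Server side, after RSA decryption (RFC 5246 section 7.4.7.1).

    `decrypted` is None when the padding check failed. Malformed input is
    replaced with random bytes instead of raising, so the peer cannot tell
    a bad decryption from a good one; the handshake fails later at Finished.
    """
    fallback = secrets.token_bytes(46)  # always generated, even if unused
    version = bytes(client_hello_version)
    if decrypted is None or len(decrypted) != 48:
        return version + fallback
    # Take the version from the ClientHello, not from the decrypted value.
    return version + decrypted[2:]

def p_sha256(secret, seed, length):
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(premaster, client_random, server_random):
    """TLS 1.2: the 48-byte master secret derived from the premaster secret."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(premaster, seed, 48)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    pms = make_premaster()
    print(len(pms), pms[:2].hex(), master_secret(pms, cr, sr).hex())
```

Both randoms travel in the clear in the hello messages, so the premaster secret is the only secret input to the derivation.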
