
Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

2010-04-27 13:19:31
Marsh Ray wrote:

> http://tools.ietf.org/html/rfc2246 :
> 7.4.1.2. Client hello
>
> [...]
>
>    random_bytes
>        28 bytes generated by a secure random number generator.
>
> Not pseudorandom, "generated by a secure random number generator".

No, if you look at the implementation notes in RFC 5246, you will see that
it really is meant to be pseudo-random:

   Appendix D.  Implementation Notes

   D.1.  Random Number Generation and Seeding

      TLS requires a cryptographically secure pseudorandom number generator
      (PRNG).  Care must be taken in designing and seeding PRNGs.  PRNGs
      based on secure hash operations, most notably SHA-1, are acceptable,
      but cannot provide more security than the size of the random number
      generator state.

A server especially would not want to use an RNG (over a PRNG) since an
attacker could rob it of all its entropy by sending a flood of bogus
ClientHellos.

In my own implementation, the only place I use a true RNG is when a client
generates an RSA premaster secret.  (It may also get used in EDH when
generating private keys, but that happens internal to OpenSSL, and I haven't
looked at that code.)

Mike
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
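The design point in Mike's reply (seed a CSPRNG once from the OS, then let it serve every ClientHello so a flood of bogus hellos cannot drain the entropy pool) as an added example; this code is not from the thread or from any of the implementations mentioned in it. It implements the HMAC_DRBG construction of NIST SP 800-90A over HMAC-SHA256 and builds the 32-byte Random structure of RFC 2246 7.4.1.2 (uint32 gmt_unix_time followed by the 28 random_bytes quoted above). The reseed interval, the 48-byte seed size and the optional explicit seed for testing are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct
import time


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A) over HMAC-SHA256, without personalization
    string or additional input.  The OS entropy pool is read once at
    instantiation and again only every RESEED_INTERVAL generate() calls, so
    an attacker sending bogus ClientHellos only advances the DRBG state."""

    RESEED_INTERVAL = 10_000  # assumed value for illustration; the standard allows far more

    def __init__(self, seed=None):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self.entropy_reads = 0   # how many times os.urandom() was consulted
        self.generate_count = 0
        self._reseed(seed)       # seed=None means "take entropy from the OS"

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data=b""):
        # HMAC_DRBG_Update from SP 800-90A section 10.1.2.2
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def _reseed(self, seed=None):
        if seed is None:
            seed = os.urandom(48)        # the only place true entropy is consumed
            self.entropy_reads += 1
        self._update(seed)
        self.generate_count = 0

    def generate(self, n):
        """Return n pseudorandom bytes (HMAC_DRBG_Generate)."""
        if self.generate_count >= self.RESEED_INTERVAL:
            self._reseed()
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update()                   # back-track resistance for the next call
        self.generate_count += 1
        return out[:n]


def tls_random(drbg, gmt_unix_time=None):
    """Build the RFC 2246 7.4.1.2 Random structure:
    uint32 gmt_unix_time followed by opaque random_bytes[28]."""
    if gmt_unix_time is None:
        gmt_unix_time = int(time.time())
    return struct.pack(">I", gmt_unix_time & 0xFFFFFFFF) + drbg.generate(28)


def simulate_hello_flood(drbg, count):
    """Answer `count` ClientHellos with fresh server Random values and report
    (distinct randoms produced, OS entropy reads consumed while doing so)."""
    seen = set()
    for _ in range(count):
        seen.add(tls_random(drbg))
    return len(seen), drbg.entropy_reads


if __name__ == "__main__":
    drbg = HmacDrbg()
    produced, reads = simulate_hello_flood(drbg, 5000)
    print(f"{produced} distinct Random values, {reads} OS entropy read(s)")
```

The seeded constructor exists only so the construction can be checked deterministically; a server would always instantiate with `HmacDrbg()` and let the reseed interval, not the ClientHello rate, decide when the OS pool is touched again. As the RFC 5246 note Mike quotes says, the output is bounded by the DRBG state size (here 256 bits of K and V), which is why the premaster secret is the place where he still spends true entropy.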
