cryptologie.net

cryptography, security, and random thoughts

Hey! I'm David, cofounder of zkSecurity, research advisor at Archetype, and author of the Real-World Cryptography book. I was previously a cryptography architect of Mina at O(1) Labs, the security lead for Libra/Diem at Facebook, and a security engineer at the Cryptography Services of NCC Group. Welcome to my blog about cryptography, security, and other related topics.

← back to all posts

◦

Distinction between the TLS PRF for the Master Key and for the Keys

2016-03-11 blog

Last time I wrote about TLS pre-master keys and master keys.

I just realized one more thing in TLS that doesn’t make sense (besides the fact that different versions of TLS have different PRFs). Here’s RFC 5246 (the RFC on TLS 1.2) on how to use the PRF transform your pre-master key into a master key:

key expansion

Here’s the same RFC on how to use the PRF to transform your master key into your 4 or 6 keys:

premaster key

Noticed anything?

Took me some time, the first takes the server random appended to the client random, while the second takes the client random appended to the server random. I’m willing to bet this is not to circumvent any attack but rather to confuse the implementer…

suggested reads:

→ TLS, Pre-Master Secrets and Master Secrets • blog

→ Factoring RSA Keys With TLS Perfect Forward Secrecy • blog

→ Fault attacks on RSA's signatures • blog

← back to all posts blog • 2016-03-11

currently reading:

Distinction between the TLS PRF for the Master Key and for the Keys

03-11 blog

recent posts:

New cryptologie.net

07-20 blog

Weaponizing AI Assistants: With Their Permission

07-20 blog

What are Schwartz-Zippel circuits? How do they relate to iterative constraint systems?

05-29 blog

Short Note On Montgomery Reduction: Why Operating Modulo b?

05-24 blog

Still confused by Plonk's permutation?

03-13 blog

Partial evaluations and linearization

03-12 blog

The trap of the top-down approach

03-07 blog

My company is looking for interns

02-25 blog

Vlogging attempts

02-16 blog

I like whiteboards

10-17 blog

↓ scroll

📖 my book

Real-World Cryptography is available from Manning Publications.

A practical guide to applied cryptography for developers and security professionals.

🎙️ my podcast

Two And A Half Coins on Spotify.

Discussing cryptocurrencies, databases, banking, and distributed systems.

📺 my youtube

Cryptography videos on YouTube.

Video explanations of cryptographic concepts and security topics.

currently reading:

Distinction between the TLS PRF for the Master Key and for the Keys

03-11 blog

recent posts:

New cryptologie.net

07-20 blog

Weaponizing AI Assistants: With Their Permission

07-20 blog

What are Schwartz-Zippel circuits? How do they relate to iterative constraint systems?

05-29 blog

Short Note On Montgomery Reduction: Why Operating Modulo b?

05-24 blog

Still confused by Plonk's permutation?

03-13 blog

📖 my book

Real-World Cryptography is available from Manning Publications.

A practical guide to applied cryptography for developers and security professionals.

🎙️ my podcast

Two And A Half Coins on Spotify.

Discussing cryptocurrencies, databases, banking, and distributed systems.

📺 my youtube

Cryptography videos on YouTube.

Video explanations of cryptographic concepts and security topics.