Question

I've just watched a video on the TLS protocol and learnt that it uses unidirectional keys (meaning keys for both sides, from browser to server and from server to browser).

Given that the server uses TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, how are all those keys shared? We need:

+ AES 256-bit key for the browser
+ AES 256-bit key for the server (CBC)
+ AES 128-bit IV for the browser
+ AES 128-bit IV for the server (CBC)
+ HMAC 512-bit key for the browser
+ HMAC 512-bit key for the server

So in total we need 1792 bits. If we use 2048-bit Diffie-Hellman we can at most share 256 bits securely; if we take the SHA512 of it we get 512 bits, but how are we gonna securely derive so many keys from it?

Indeed we could use PBKDF2 to derive keys, but that would be kind of expensive. Does anyone know how TLS does all this?

Explanation / Answer

In TLS, the key exchange step results in a key called the master secret which is then derived into as much key material as needed with a custom key derivation function, called in TLS terminology the PRF. It is not slow -- contrary to PBKDF2, the "PRF" of TLS is not for handling passwords and thus has no need to be slow.
