Re: TLS Session Resumption



Marc,

I am assuming that the checksum you are referring to is the hash that is to be sent by the client to the server during session resumption and/or a new connection initiation.

In a Simple TLS Handshake, the hash is to be computed over the Master Secret Key and all the prior Handshake Messages to prove to the server that (1) the client is aware of the Master Secret Key K and (2) there was no message tampering of the handshake messages.

In TLS Session Resumption, the hash is computed over all prior Handshake Messages between the client and the server. The Master Secret Key K is not to be included while computing the hash. I am unsure whether the 'session_id' is included in the hash computation. And it goes without saying that the client ought to know the Master Secret Key that it shared with the server before Session Resumption attempts are even contemplated.

You might also want to check for the Constant ASCII String that the client and server need to include in the hash to ensure that the hash messages originating from either of them can be identified uniquely. The ASCII constants in TLS are 'client finished' for the client and 'server finished' for the server.

Hope this helps.

Regards,
Shailesh
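
The Finished check discussed in this thread, as an added example that is not part of the original post: it computes verify_data as RFC 5246 (TLS 1.2) defines it, PRF(master_secret, finished_label, Hash(handshake_messages)) truncated to 12 bytes, with HMAC-SHA256 as the PRF hash. The master secret and handshake message bytes are constructed sample values, and the function names are chosen here for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def finished_verify_data(master_secret: bytes, label: bytes,
                         handshake_messages: list) -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    # Only handshake-layer messages are hashed, in the order they were sent.
    transcript_hash = hashlib.sha256(b"".join(handshake_messages)).digest()
    # PRF(secret, label, seed) is P_hash(secret, label + seed).
    return p_sha256(master_secret, label + transcript_hash, 12)

def check_finished(master_secret: bytes, label: bytes,
                   handshake_messages: list, received: bytes) -> bool:
    """Receiver side: recompute verify_data and compare in constant time."""
    expected = finished_verify_data(master_secret, label, handshake_messages)
    return hmac.compare_digest(expected, received)

# Constructed sample values (not a real capture).
MASTER_SECRET = bytes(range(48))  # a TLS master secret is 48 bytes
TRANSCRIPT = [b"ClientHello(sample)", b"ServerHello(sample)",
              b"Certificate(sample)", b"ClientKeyExchange(sample)"]

def demo() -> dict:
    # Both labels are applied to the same transcript here to isolate the
    # effect of the label on the result.
    client_fin = finished_verify_data(MASTER_SECRET, b"client finished", TRANSCRIPT)
    server_fin = finished_verify_data(MASTER_SECRET, b"server finished", TRANSCRIPT)
    tampered = [TRANSCRIPT[0].replace(b"sample", b"sampl3")] + TRANSCRIPT[1:]
    return {
        "labels_differ": client_fin != server_fin,
        "accepts_clean": check_finished(MASTER_SECRET, b"client finished",
                                        TRANSCRIPT, client_fin),
        "rejects_tampered": not check_finished(MASTER_SECRET, b"client finished",
                                               tampered, client_fin),
        "rejects_wrong_secret": not check_finished(bytes(48), b"client finished",
                                                   TRANSCRIPT, client_fin),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```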
