Hi, I'm learning about SSL and I didn't understand why the server creates a random number and sends it to the client. Why can't the client create it?

A: 

From the Wikipedia article, it is the client that creates the random number.

In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server.

http://en.wikipedia.org/wiki/Transport_Layer_Security

Graphain
I'm talking about the random number (not the session ID) that the client sends to the server first, and then the server sends another random number back to the client. The client is supposed to build the pre-master secret from those two random numbers, and I can't understand why the server needs to send a random number too.
Tim
I think you have it back to front. The server sends a public key, the client sends a random number encrypted by this public key, and the server then uses its private key to decrypt what the client sent and determine what random number they used. After that they can encrypt everything using this random number as the key.
Graphain
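
Why the server contributes its own random, shown as an added example that is not part of the original thread: in TLS 1.2 (RFC 5246) the master secret is derived from the pre-master secret together with both hello randoms, so a recorded ClientHello and encrypted pre-master secret replayed to the server produce different keys. The function names and sample values below are constructed for illustration.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """PRF(pre_master_secret, "master secret", client_random + server_random)[0..47]."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS hello randoms are 32 bytes each")
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)


def replay_demo():
    """Return (recorded, replayed, recomputed) master secrets for constructed values."""
    # Constructed sample handshake: the client picks the pre-master secret and its random.
    pre_master = b"\x03\x03" + os.urandom(46)
    client_random = os.urandom(32)
    server_random_1 = os.urandom(32)
    recorded = master_secret(pre_master, client_random, server_random_1)

    # Replay of the same client messages: the server draws a fresh random,
    # so the derived keys differ and the recorded ciphertext does not verify.
    server_random_2 = os.urandom(32)
    replayed = master_secret(pre_master, client_random, server_random_2)

    # Same inputs on both sides of the original handshake give the same secret.
    recomputed = master_secret(pre_master, client_random, server_random_1)
    return recorded, replayed, recomputed


if __name__ == "__main__":
    rec, rep, again = replay_demo()
    print("original handshake keys match:", rec == again)
    print("replayed handshake keys match:", rec == rep)
```

If only the client supplied randomness, every replay of its recorded messages would lead the server to the same session keys; the server random makes each handshake's keys unique from the server's side.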