Re: [TLS] IV Generation was: Clarifications and questions: TLS1.3 - Static RSA and AEAD

Michael StJohns <> Thu, 29 May 2014 22:19 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 023861A0195 for <>; Thu, 29 May 2014 15:19:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.899
X-Spam-Status: No, score=-3.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bgyFk555yp0M for <>; Thu, 29 May 2014 15:19:04 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 46B8C1A0697 for <>; Thu, 29 May 2014 15:19:04 -0700 (PDT)
Received: by with SMTP id y13so215161pdi.16 for <>; Thu, 29 May 2014 15:19:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=KxXAy62oacfHezq7gs4D6elEixacg9eMcN00bZAnMAk=; b=OhyFf1F4iqmAnW1l/U2eWHPAoNBfzaj6li2aZ+jYeq7WG/J9j01EqvPb7wdELyxKnc pVuj6qWWZyZK23zVeTs3Dh3YIS3Ymd+ldxywdVp4np65IKdMLIXVum67rrMjNzeK5pVT HYy5Ex/v9HbhwqXJpUP4DfmdzxGroUIXxGKX7nuowdqGs8TIbzoDhXdIUNB9Sng+tIAV +17kDYtLrr/A9WmP2dcEGo3AlqZEgNXR3GBtlRL7Nnn283G+5OFaiJ+HVg4rQ/k6fM4Z 0mDnPGslBRFubpEguno9sAgUWXQ3nQsn7Gug4nTJNQl/gzEvcHaedUqSotgpYX92raxl LYuQ==
X-Gm-Message-State: ALoCoQnNQXr9B2xSOQ7O49e2GFns8SMr0vJjjtRhdVvNQvw+6OVkZglZzufgru4w8F+lkhNJtN/e
X-Received: by with SMTP id ob6mr12420858pbb.141.1401401940084; Thu, 29 May 2014 15:19:00 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id pv4sm8809973pac.14.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 29 May 2014 15:18:59 -0700 (PDT)
Message-ID: <>
Date: Thu, 29 May 2014 18:19:07 -0400
From: Michael StJohns <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "Blumenthal, Uri - 0558 - MITLL" <>, "" <>
References: <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------080606050902050703080905"
Cc: "" <>
Subject: Re: [TLS] IV Generation was: Clarifications and questions: TLS1.3 - Static RSA and AEAD
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 May 2014 22:19:07 -0000

On 5/29/2014 4:18 PM, Blumenthal, Uri - 0558 - MITLL wrote:
>>> There is a necessity to share the master secret with your communication
>>> peer so that both can derive the same new secrets from it.
>> Hence my point that the master secret is a key, and not an entropy pool.
> *Shared* entropy *is* a key.  :-)

Shared *data* may be a key.  A key may have no entropy at all. (e.g. 
passwords for PBE, public keys for identity based public key systems, 
most PINs etc, your safe combination - really, your marriage date?).

Neither of the following statements is true:

    A key is always shared entropy.
    Shared entropy is always a key.

Then there's the fact that "shared entropy" is probably an oxymoron.  
Entropy is "lack of order or predictability", or in thermo "a measure of 
disorganization of a system" and "shared entropy" is there so that 
multiple entities can predictably come up with the same "unpredictable" 

Going back to the origin of this discussion, the premaster and master 
secrets are "keys" - they may be other things, but they are always 
"keys" because without knowledge of those pieces of information you may 
not repeat the functions keyed by them and get the same answers.  (Look 
up many definitions of "key" and you'll find this general concept).  
Martin's assertion that the TLS master secret is not a key is ... 
unsupported by the facts.  Thinking about it as an entropy pool is 

Later, Mike
> key:
> Definition: The numerical value used to control cryptographic 
> operations, such as decryption 
> <>, encryption 
> <>, signature 
> <> generation, or signature 
> verification.
> *Key* - Information (usually a sequence of random or pseudo-random 
> binary digits) used initially to set up and periodically change the 
> operations performed in crypto equipment for the purpose of encrypting 
> or decrypting electronic signals, for determining electronic 
> counter-countermeasures patterns (e.g., frequency hopping or spread 
> spectrum), or for producing other key. "Key" has replaced the terms 
> "variable," "key(ing) variable," and "cryptovariable."
> In cryptography <>, a *key* 
> is a piece of information (a parameter 
> <>) that determines the 
> functional output of a cryptographic algorithm 
> <> or cipher 
> <>. Without a key, the algorithm 
> would produce no useful result. In encryption 
> <>, a key specifies the 
> particular transformation of plaintext 
> <> into ciphertext 
> <>, or vice versa during 
> decryption <>. Keys are also 
> used in other cryptographic algorithms, such as digital signature 
> <> schemes and message 
> authentication codes 
> <>.
> *key*
>     A string of bits used widely in cryptography, allowing people to
>     encrypt and decrypt data; a key can be used to perform other
>     mathematical operations as well. Given a cipher, a key determines
>     the mapping of the plaintext to the ciphertext. See also
>     distributed key, private key, public key, secret key, session key,
>     shared key, sub key, symmetric key, weak key. 
> Cryptographic key
> (key)
> A parameter used in conjunction with a cryptographic algorithm that
> determines its operation in such a way that an entity with knowledge of
> the key can reproduce or reverse the operation, while an entity without
> knowledge of the key cannot. Examples include:
> 1. The transformation of plaintext data into ciphertext data,
> 2. The transformation of ciphertext data into plaintext data,
> 3. The computation of a digital signature from data,
> 4. The verification of a digital signature,
> _*5. The computation of an authentication code from data*_,
> 6. The verification of an authentication code from data and a
> received authentication code,
> _*7. The computation of a shared secret that is used to derive keying*__*
> *__*material.*_