Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Hi everyone I\'m little bit confused about contents of Finished Message used dur

ID: 662009 • Letter: H

Question

Hi everyone I'm little bit confused about contents of Finished Message used during Handshake Protocol.In particular this message (client/side) contains the connection-id originally sent from the server and it also contains an hash value derived from all previous handshake message and master secret.So this message is encrypted with key derived from master secret or only connection-id is encrypted,and Finish Message is still transmitted in plain? Another question is about detecting replay attack server/side.Server receive Finished Message from client; how can server correctly detect a replay attack from Finished Message and why we use connection-id and hash only one isn't enough?

Thanks in Advance.

Explanation / Answer

There is no "connection-id" in the Finished messages. For that matter, there appears to be no "connection-id" concept at all in the whole SSL/TLS standard. The closest concept is that of a session ID, which is exchanged through the ClientHello and ServerHello messages, not the Finished messages. By definition, the session ID is not specific to a single connection.

The contents of the Finished message are a hash computed over all the previously exchanged handshake messages, in both directions. The Finished message being sent after the ChangeCipherSpec, it is protected with the newly negotiated cryptographic algorithms and keys, i.e. encrypted and MACed.

The protection against replay attack relies on the way the Finished message contents are computed: since the hash is done over all handshake messages, it includes, in particular, the client_random and server_random elements sent by both client and server. An attacker trying to do a replay cannot reuse both randoms, because, by definition, the attacker is replaying the client while talking to the genuine server, or replaying the server while talking to the genuine client.

Related Questions

Hi can you please explain the steps I am having trouble with these problems than
Question #2370936
Hi can you please help explain how to do each of these questions? How to find th
Question #3626693
Hi can you please help me answer the following questions. First, you will find t
Question #3181510
Hi can you please help me to understand this questions with answers please . thi
Question #2871673
Hi can you please solve these questions :) Thank you! Quantitative Problem 1 Mit
Question #2738074
Hi can you respond to this A traditional monopoly maintains its status using eit
Question #1234053
Hi can you respond to this Traditional Monopoly is a firm that is the only selle
Question #1234052
Hi chegg experts, i am currently stuck on this exam and any help on it would be
Question #3577240
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Hi everyone I\'m almost finish with this assignment and i need help with this qu
Next
Hi everyone here are some questions i could not solve, they are pretty easy howe

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.