LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What's the purpose of the 32-byte Random Number in TLS Client Hello and Server Hello?

Each side contributes a 32-byte random — together they ensure the derived session keys are unique to this exact handshake, preventing replay attacks and key reuse.

The role:

session_keys = KDF(pre_master_secret, client_random + server_random + ...)

Even if the same client and server reconnect 1000 times, each handshake's keys differ because the randoms differ.

Why this matters:

Without unique randoms With unique randoms
Same keys reused → recording attacker can replay Different keys → replays fail
Predictable keys → cryptanalysis easier Per-session keys → analyzing one teaches nothing about others
Long-term key compromise = full history breached Forward secrecy + per-session randomness → past sessions safe

The 32-byte size:

256 bits — enough entropy that two randoms colliding is astronomically unlikely (collision probability ~2⁻¹²⁸ in birthday terms).

Why it's not just "any random":

It must be from a cryptographically secure RNG. A weak RNG (predictable randoms) would allow:

  • An attacker who guesses the client random can predict session keys
  • This is exactly how the Debian OpenSSL bug (2008) broke: weak RNG → predictable keys → mass session decryption

Forward secrecy:

Combined with ephemeral Diffie-Hellman (ECDHE), the randoms enable forward secrecy — even if the server's private key is later stolen, past recorded sessions cannot be decrypted, because the actual session key was derived from ephemeral values that no longer exist.

Tip: This is one of those subtle protocol details that prevents whole classes of attacks. Whenever you see "random nonce" in a security protocol, know it's preventing replay or ensuring uniqueness — never decoration.

Go deeper:

From Quiz: INTROL / Protocol Analysis | Updated: Jul 14, 2026