A simple library to support serving https.

Dependents:   oldheating gps motorhome heating

explanation.txt

Committer: andrewboyson
Date: 2019-10-02
Revision: 14:03a0b8fd6ddc
Parent: 8:5e66a6b4b38c
Child: 19:f22327e8be7b

File content as of revision 14:03a0b8fd6ddc:

Names
=====
SHA
secure hash algorithm
   - it is deterministic, meaning that the same message always results in the same hash
   - it is quick to compute the hash value for any given message
   - it is infeasible to generate a message that yields a given hash value
   - it is infeasible to find two different messages with the same hash value
   - a small change to a message should change the hash value so extensively that
     the new hash value appears uncorrelated with the old hash value (avalanche effect)
   
HMAC
keyed-hash message authentication code or hash-based message authentication code
   - it is a message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
   - it may be used to simultaneously verify both the data integrity and the authentication of a message
   - used to sign a message with a symmetric key


Links
=====
https://tls.ulfheim.net/

Full  RSA handshake
===================
ClientHello       -=> use session id to jump to short handshake
                  <=- ServerHello
                  <=- Certificate
                  <=- ServerHelloDone
                  
ClientKeyExchange -=> start asynchronous sha256 decryption
ChangeCipherSpec  --> switch to encrypedIn
Finished          -=> store the encrypted verify message

sha256 decrypted  --> prepare the keys and decrypt the verify message
                  <-- ChangeCipherSpec
                  <=- Finished


Short RSA handshake
===================
ClientHello       -=>
                  <=- ServerHello
                  <-- ChangeCipherSpec
                  <=- Finished
ChangeCipherSpec  --> switch to encrypedIn
Finished          -=>
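
Added example (not part of the original file and not the library's own code): how the Finished "verify message" in both handshakes above is derived with HMAC-SHA256 and checked, assuming TLS 1.2 with a SHA-256 cipher suite as defined in RFC 5246. The function names, sample byte strings and message stand-ins are constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 (RFC 5246, section 5): chained HMAC-SHA256 output, truncated."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # "prepare the keys": the decrypted pre-master secret is expanded to 48 bytes
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def verify_data(master: bytes, label: bytes, handshake_messages: list) -> bytes:
    # Hash of every handshake message so far; ChangeCipherSpec is not one of them
    transcript = hashlib.sha256(b"".join(handshake_messages)).digest()
    return prf(master, label, transcript, 12)

def check_finished(master, label, handshake_messages, received: bytes) -> bool:
    expected = verify_data(master, label, handshake_messages)
    return hmac.compare_digest(expected, received)   # constant-time comparison

# Constructed sample values, not a real capture
PRE_MASTER = b"\x03\x03" + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
MESSAGES = [b"ClientHello", b"ServerHello", b"Certificate",
            b"ServerHelloDone", b"ClientKeyExchange"]   # stand-ins for raw message bytes

MASTER = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
CLIENT_VERIFY = verify_data(MASTER, b"client finished", MESSAGES)
# In the full handshake the server's Finished also covers the client's Finished
SERVER_VERIFY = verify_data(MASTER, b"server finished",
                            MESSAGES + [b"Finished:" + CLIENT_VERIFY])

if __name__ == "__main__":
    print("client verify_data:", CLIENT_VERIFY.hex())
    print("accepted:", check_finished(MASTER, b"client finished", MESSAGES, CLIENT_VERIFY))
    tampered = MESSAGES[:1] + [b"ServerHellO"] + MESSAGES[2:]
    print("tampered accepted:",
          check_finished(MASTER, b"client finished", tampered, CLIENT_VERIFY))
```

Changing any byte of any earlier handshake message changes the transcript hash, so the peer's Finished no longer verifies; this is what ties the negotiated parameters to the shared secret.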