In a secure online order form, using SSL public key encrytion, how does the client's compter decide what the key is? I read someplace that old version of Netscape used the time of day, along with some other variable. Heard somewhere that the position of the mouse could be use as a variable. How are they doing it now? Is this the right place to ask? Where could I find out?

HI Bob,

Of course this is the right place to ask this question and I hope you will get few good answers as well.

As far as my answer is concerned, I would say I am not really aware how the initial random keys are generated at client (browser) end since it is different for different vendors and also it is kept secret. But one thing is sure that these randomly generated keys are not used as session keys to encrypt the data in SSL. Thses keys are only taken as row material and are used to generate intermediate and master-secret (session key) by applying Diffe-Hellman or other such algorithm.

For more reading you can Google about Diffe-Hellman!

I would also like to clarify that SSL is not public key alogorithm but it’s a judicious mix of Public Key Infrastructure and private (symmetric) key encription.

Hope this would give you a direction for further exploration.

Mahipal