8

During the TLS handshake, there are random bytes sent from the server to the client and random bytes sent from the client to the server.

Since these bytes are sent in clear text, what is the relevance of them being random? I thought randomness was mostly about lowering the likelihood that these numbers could be guessed. If they are passed around in clear text, what's the importance of the randomness?

Also, what exactly are these random bytes used for?

Raoul722
Minaj

1 Answer

9

> Since these bytes are sent in clear text, what is the relevance of them being random?

They are a guarantee that the other party with whom you wish to communicate is actually interactively there and you're not just seeing a recorded session that is being replayed to you, potentially impersonating somebody else.
The randomness helps in this to prevent attackers from simulating a bunch of sessions beforehand and then picking the relevant one for you.

> Also, what exactly are these random bytes used for?

Their actual usage is limited to being additional input to the key based key derivation function that transforms the pre-master secret into the master secret (section 8.1 RFC 5246).

SEJPM
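The derivation the answer points to (RFC 5246 sections 5 and 8.1), written out as an added example that is not part of the original answer. It assumes the SHA-256 PRF of TLS 1.2; all sample values are constructed, and `replayed_client_flight` is a hypothetical helper that models a recorded client flight being presented to a server that picks a fresh `ServerHello.random`.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: both hello randoms are part of the PRF seed."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def replayed_client_flight(fresh_server_random: bytes) -> tuple[bytes, bytes]:
    """Hypothetical helper: compare a recorded session with a replay of it.

    The pre-master secret and client random are fixed by the recording; only
    the server's random is new. Returns (recorded, replayed) master secrets.
    """
    pre_master = bytes(range(48))        # constructed sample value
    client_random = b"\x01" * 32         # constructed, taken "from the recording"
    recorded_server_random = b"\x02" * 32
    recorded = master_secret(pre_master, client_random, recorded_server_random)
    replayed = master_secret(pre_master, client_random, fresh_server_random)
    return recorded, replayed


if __name__ == "__main__":
    recorded, replayed = replayed_client_flight(os.urandom(32))
    # A live server derives a different master secret, so nothing protected
    # under the recorded session's keys verifies against the new session.
    print("recorded:", recorded.hex())
    print("replayed:", replayed.hex())
    print("keys match:", hmac.compare_digest(recorded, replayed))
```

If the server reused its random, the two master secrets would be identical, which is the replay case the answer describes.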