difference between master key and session key in TLS

Question

In TLS hanshake messages , the Client sends pre-master key to the Server.

Both sides generate a master key and use that to derive the session keys for TLS. My question is why don't they just the master key as the symmetric key for encrypting the communication ? Why do they need to derive master key from it ?

Thanks,

Answer 1

1) The master secret has a fixed size (48 bytes), which is often smaller than the amount of keying material needed for symmetric keys. For example, the cipher suite TLS_RSA_WITH_AES_256_CBC_SHA requires two symmetric keys of length 32 bytes each, two initialization vectors of length 16 bytes each, and two MAC secrets of length 20 bytes each, for a total of 136 bytes.

2) The TLS protocol allows multiple connections within its sessions. So, even if the master secret is long enough to provide all keying material for a single connection there would not be enough for all possible connections.

3) The TLS process of generating symmetric keys from the master secret uses one-way hashes to protect the master secret from an attacker who knows some symmetric keys. If the master secret and symmetric keys were the same (or easily computable from each other), this security guarantee would not be possible.