Session Key

A session key is a single-use symmetric key used for encrypting all messages in one communication session. Closely related terms are content encryption key (CEK), traffic encryption key (TEK), and multicast key, each of which refers to any key used to encrypt messages, as opposed to keys with other uses, such as encrypting other keys (a key encryption key (KEK) or key wrapping key).

Session keys can add complexity to a system, which is normally undesirable. However, they also help with some real problems. There are two primary reasons to use session keys:

  • First, several cryptanalytic attacks become easier as more material encrypted with a specific key is available. By limiting the amount of data processed using a particular key, those attacks are made more difficult.
  • Second, asymmetric encryption is too slow for many purposes, and all secret key algorithms require that the key is securely distributed. By using an asymmetric algorithm to encrypt the secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably. This is the process used by PGP and GPG.

Like all cryptographic keys, session keys must be chosen so that an attacker cannot predict them, which usually means choosing them randomly. Failure to choose session keys (or any key) properly is a major design flaw in any cryptosystem, and one that is too common in actual practice.
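The second reason above (an asymmetric algorithm encrypting the key for a faster symmetric one) and the requirement that session keys be unpredictable can be seen together in the following added example, which is not code from PGP, GPG or the original page. It uses Node.js's built-in crypto module; the names sealMessage, openMessage and demo, the choice of RSA-OAEP with AES-256-GCM, and the sample message are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// OAEP settings for wrapping; the recipient's RSA key pair acts as the key encryption key.
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" });

// A fresh 256-bit session key from the OS CSPRNG encrypts the bulk data with
// AES-256-GCM; the slow RSA operation touches only the 32-byte session key.
function sealMessage(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32); // single use: one key per message
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(oaep(recipientPublicKey), sessionKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Unwrap the session key with the private key, then decrypt and authenticate.
// Throws if the wrapped key, nonce, ciphertext or tag has been altered.
function openMessage(recipientPrivateKey, env) {
  const sessionKey = crypto.privateDecrypt(oaep(recipientPrivateKey), env.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, env.nonce, { authTagLength: 16 });
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: throwaway recipient key pair and sample message.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const message = Buffer.from("constructed sample message");
  const a = sealMessage(publicKey, message);
  const b = sealMessage(publicKey, message); // same plaintext, new session key
  const tampered = { ...a, ciphertext: Buffer.from(a.ciphertext) };
  tampered.ciphertext[0] ^= 1; // flip one bit of the ciphertext copy
  let tamperRejected = false;
  try { openMessage(privateKey, tampered); } catch { tamperRejected = true; }
  return {
    roundTrip: openMessage(privateKey, a).equals(message),
    distinctCiphertexts: !a.ciphertext.equals(b.ciphertext),
    wrappedKeyBytes: a.wrappedKey.length, // size of the RSA modulus, not of the message
    tamperRejected,
  };
}

console.log(demo());
```

Because every call draws a new session key, encrypting the same message twice yields unrelated ciphertexts, and compromise of one session key exposes only that one message.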
