- Session key
A session key is a single-use
symmetric key used forencrypting allmessage s in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages as opposed to different uses, such as encrypting other keys (key encryption key)Session keys introduce complication in a crypto system, normally an undesirable end. However, they also help with some real problems, which is why they are used. There are two primary reasons for session keys:
*First, several cryptanalytic attacks are made easier as more material encrypted with a specific key is available. By limiting the material processed using a particular key, those attacks are made more difficult.
* Second, many otherwise goodencryption algorithm s require that keys be distributed securely before encryption can be used. All secret key algorithms have this undesirable property. There are other algorithms which don't require secure distribution of secret keys, but they are too slow to be practical for encrypting long messages (seepublic key cryptography ). By using one of these "asymmetric" algorithms to distribute an encrypted secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably.Like all
cryptographic keys , session keys must be chosen so that they are unpredictable by an attacker. In the usual case, this means that they must be chosen randomly. Failure to choose session keys (or any key) properly is a major (and too common in actual practice) design flaw in any crypto system.See also
*
Hardware random number generator
*List of cryptographic key types
*Perfect forward secrecy
*One-time pad
Wikimedia Foundation. 2010.
