This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Session key" – news · newspapers · books · scholar · JSTOR(December 2009) (Learn how and when to remove this message)
A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is content encryption key (CEK), traffic encryption key (TEK), or multicast key which refers to any key used for encrypting messages, contrary to other uses like encrypting other keys (key encryption key (KEK) or key encryption has been made public key).
Session keys can introduce complications into a system, yet they solve some real problems. There are two primary reasons to use session keys:
Several cryptanalytic attacks become easier the more material encrypted with a specific key is available. By limiting the amount of data processed using a particular key, those attacks are rendered harder to perform.
asymmetric encryption is too slow for many purposes, and all secret key algorithms require that the key is securely distributed. By using an asymmetric algorithm to encrypt the secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably. This is the process used by PGP and GPG.[1]
Like all cryptographic keys, session keys must be chosen so that they cannot be predicted by an attacker, usually requiring them to be chosen randomly. Failure to choose session keys (or any key) properly is a major (and too common in actual practice) design flaw in any crypto system.[citation needed]
^OpenPGP Message Format http://tools.ietf.org/html/rfc4880
A sessionkey is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is content encryption...
specific key-agreement protocols that gives assurances that sessionkeys will not be compromised even if long-term secrets used in the sessionkey exchange...
science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a sessionkey—to...
to generate a unique sessionkey for subsequent encryption and decryption of data during the session, or uses Diffie–Hellman key exchange (or its variant...
within a single session (e.g., in broadcast applications) where the sender generates only one ephemeral key pair per message and the private key is combined...
(public-key) key encapsulation algorithms (e.g., PSEC-KEM). Key Wrap algorithms can be used in a similar application: to securely transport a sessionkey by...
key that was used (the sessionkey). The Key Serial Number (KSN) provides the information needed to do this. The cryptogram is decrypted with session...
Authenticated Key Exchange (AKE), Authenticated Key Agreement (AKA) or Authentication and Key Establishment (AKE) is the exchange or creation of a sessionkey in...
symmetric key is used only once and is also called a sessionkey. The message and its sessionkey are sent to the receiver. The sessionkey must be sent...
long-term asymmetric secret keys used to establish an HTTPS session should not make it easier to derive the short-term sessionkey to then decrypt the conversation...
instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived sessionkeys. It combines a cryptographic so-called...
username, verification key, and key identifier. For each call, Skype creates a session with a 256-bit sessionkey. This session exists as long as communication...
encryption key was a mixed type early in its use; the key was a combination of secretly distributed key schedules and a user chosen sessionkey component...
Pre-shared key (EAP-PSK), defined in RFC 4764, is an EAP method for mutual authentication and sessionkey derivation using a pre-shared key (PSK). It provides...
paper) form. See EKMS. ephemeral key - A key that only exists within the lifetime of a communication session. expired key - Key that was issued for a use in...
produces sessionkeys that remain secure even when the password is later disclosed. Known-key security - It prevents a disclosed sessionkey from affecting...
If either is incorrect or invalid, the session is aborted. The message is then decrypted with Bob's secret key, giving Alice's ID. Bob checks if the message...
with Steve. Note that the salt s is shared and exchanged to negotiate a sessionkey later so the value could be chosen by either side but is done by Carol...
The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice...
secure attention key, it requests the LSA to create login sessions on login, and terminates all of the processes belonging to a login session on logout. Booting...
engineers in secret while the band was in the midst of a jam session. Key said of the recording session: There's a certain greatness to knowing that the tape...