Session key

Session key

A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages as opposed to different uses, such as encrypting other keys (key encryption key)

Session keys introduce complication in a crypto system, normally an undesirable end. However, they also help with some real problems, which is why they are used. There are two primary reasons for session keys:
*First, several cryptanalytic attacks are made easier as more material encrypted with a specific key is available. By limiting the material processed using a particular key, those attacks are made more difficult.
* Second, many otherwise good encryption algorithms require that keys be distributed securely before encryption can be used. All secret key algorithms have this undesirable property. There are other algorithms which don't require secure distribution of secret keys, but they are too slow to be practical for encrypting long messages (see public key cryptography). By using one of these "asymmetric" algorithms to distribute an encrypted secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably.

Like all cryptographic keys, session keys must be chosen so that they are unpredictable by an attacker. In the usual case, this means that they must be chosen randomly. Failure to choose session keys (or any key) properly is a major (and too common in actual practice) design flaw in any crypto system.

See also

* Hardware random number generator
* List of cryptographic key types
* Perfect forward secrecy
* One-time pad

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Session Key — Ein Session Key ist ein einmal verwendeter, zufällig generierter Schlüssel. Er wird zum Beispiel in der hybriden Verschlüsselung verwendet, um die Nutzdaten symmetrisch zu verschlüsseln. Der Session Key selbst wird zufällig erzeugt, danach werden …   Deutsch Wikipedia

  • session key — seanso raktas statusas T sritis informatika apibrėžtis Laikinas, vienkartinis ↑raktas (3), paprastai galiojantis tik vieną seansą ar į jį panašų laikotarpį. atitikmenys: angl. session key ryšiai: dar žiūrėk – raktas …   Enciklopedinis kompiuterijos žodynas

  • Session key —   An ISO term. A data key used for the session …   International financial encyclopaedia

  • Key Wrap — constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as (a) protecting keys while in untrusted storage, or (b)… …   Wikipedia

  • Session hijacking — The term session hijacking refers to the exploitation of a valid computer session sometimes also called a session key to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of… …   Wikipedia

  • Key (cryptography) — In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the… …   Wikipedia

  • Session Description Protocol — (SDP) is a format for describing streaming media initialization parameters in an ASCII string. The IETF published the original specification as an IETF Proposed Standard in April 1998 [ cite web|url= |title=SDP:… …   Wikipedia

  • Session Manager Subsystem — Session Manager Subsystem, or smss.exe, is a component of the Microsoft Windows NT operating system. It is executed during the startup process of Windows 2000, XP, 2003 and Vista. At this time it: *Creates environment variables *Starts the kernel …   Wikipedia

  • Session Description Protocol — SDP (Session Description Protocol) Familie: Internetprotokollfamilie Einsatzgebiet: Beschreibung von Multimedia Sitzungen im Rahmen der Aushandlung von Medienformaten SDP im TCP/IP‑Protokollstapel: Anwendung SDP Transport …   Deutsch Wikipedia

  • Session Border Controller — A Session Border Controller is a device used in some VoIP networks to exert control over the signaling and usually also the media streams involved in setting up, conducting, and tearing down calls. Within the context of VoIP, the word Session in… …   Wikipedia