Session key

From Simple English Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any symmetric key that is used to encrypt traffic messages. Typically TEKs are changed frequently, in some systems daily and in others for every message.

Session keys introduce complexities in a cryptosystem. However, they also help with some real problems, which is why they are used. There are two primary reasons for using session keys:

Like all cryptographic keys, session keys must be chosen so that they are unpredictable by an attacker. In the usual case, this means that they must be chosen randomly. Failure to choose session keys (or any key) properly is a major drawback in any cryptosystem.