Session key

A session key is a key used for encryption of a single message or communication session.

Session keys add complexity to a crypto system, which is normally undesirable. However, they also help with some real problems, which is why they are used. There are two primary reasons for session keys.

Like all cryptographic keys, session keys must be chosen so that they are unpredictable by an attacker. In the usual case, this means that they must be chosen randomly. Failure to choose session keys (or any key) properly is a major design flaw in any crypto system, and one that is too common in actual practice.
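
The following added example (not part of the original article) contrasts a session key derived from a clock-seeded, non-cryptographic PRNG with one drawn from the operating system's CSPRNG, and shows how a reviewer can test whether a key is reproducible from a guessable seed. The 128-bit key size, the function names and the timestamp are assumptions chosen for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128-bit session key (size assumed for this example)


def weak_session_key(timestamp: int) -> bytes:
    """Flawed: non-cryptographic PRNG seeded with the clock.

    The key looks random, but it is a pure function of the seed, so anyone
    who can guess the approximate time can regenerate it.
    """
    rng = random.Random(timestamp)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_session_key() -> bytes:
    """Correct: key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(window: int) -> float:
    """Real key-space size, in bits, when the seed is a second within +/- window."""
    return math.log2(2 * window + 1)


def key_is_predictable(key: bytes, approx_time: int, window: int = 3600) -> bool:
    """Audit check: is the key reproducible from any clock seed in the window?"""
    seeds = range(approx_time - window, approx_time + window + 1)
    return any(weak_session_key(t) == key for t in seeds)


if __name__ == "__main__":
    session_start = 1_700_000_000  # constructed timestamp, not real data
    weak = weak_session_key(session_start + 1234)
    strong = strong_session_key()
    print("nominal key size :", KEY_BYTES * 8, "bits")
    print("weak key entropy : %.1f bits" % effective_bits(3600))
    print("weak predictable :", key_is_predictable(weak, session_start))
    print("strong predictable:", key_is_predictable(strong, session_start))
```

The weak key is nominally 128 bits long, yet knowing the session time to within an hour leaves fewer than 13 bits of uncertainty; the key's length says nothing about its unpredictability.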

See also: perfect forward secrecy