This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Session key" – news ·newspapers ·books ·scholar ·JSTOR(December 2009) (Learn how and when to remove this message)

A session key is a single-usesymmetric key used forencrypting allmessages in onecommunication session. A closely related term iscontent encryption key (CEK),traffic encryption key (TEK), ormulticast key which refers to any key used for encrypting messages, contrary to other uses like encrypting other keys (key encryption key (KEK) orkey encryption has been made public key).

Session keys can introduce complications into a system, yet they solve some real problems. There are two primary reasons to use session keys:

1. Several cryptanalytic attacks become easier the more material encrypted with a specific key is available. By limiting the amount of data processed using a particular key, those attacks are rendered harder to perform.
2. Asymmetric encryption is too slow for many purposes, and allsecret key algorithms require that the key is securely distributed. By using an asymmetric algorithm to encrypt the secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably. This is the process used byTLS^[1] and byPGP.^[2]

Like allcryptographic keys, session keys must be chosen so that they cannot be predicted by an attacker, usually requiring them to be chosen randomly. Failure to choose session keys (or any key) properly is a major (and too common in actual practice) design flaw in any crypto system.^{[citation needed]}

• Ephemeral key
• Random number generator
• List of cryptographic key types
• One-time pad
• Perfect forward secrecy

• Key management

• Articles needing additional references from December 2009
• All articles needing additional references
• All articles with unsourced statements
• Articles with unsourced statements from March 2011