Security Encyclopedia

Session Key

A session key is a symmetric key that is good for only one communication session. It is generated and used to encrypt all communications within just one conversation or exchange. 

Session keys’ temporary nature is helpful to security, as the more data that a single key encrypts is available, the more vulnerable it is to cryptanalysis. If a conversation uses a session key and subsequent conversations each use a different session key, the amount of data encrypted by a key and available for cryptanalysis is smaller than if all conversations are encrypted with the same key time and again.  

High performance is another benefit of session keys. Session keys are also symmetric making them faster, more efficient, and more conducive to real-time collaboration than their asymmetric (public-key cryptography, or PKC) alternatives. PKC is too slow for instant messaging, for example, but is useful for exchanging the private keys used for conversations where a session key provides security. In fact, key sharing over PKC ahead of session key use and not is de rigueur in security.


“Secure messaging platforms use a session key since the randomly selected and one-time use of these keys are what helps these services stay ahead of threats that would be developed by examining security on past traffic.”