2.2.1.6.6 SessionKey Generation

The term session key, in this context, does not refer to the cryptographic session keys used in authentication and message signing. Rather, it refers to the SessionKey unique identifier sent by the server in the SMB_COM_NEGOTIATE Response (section 2.2.4.52.2).

Virtual circuit session keys (SessionKeys) are generated on CIFS servers. The generation of SessionKeys SHOULD satisfy the following constraints:<20>

  • The SessionKey MUST be a 32-bit opaque value generated by the CIFS server for a particular SMB connection, and returned in the SMB_COM_NEGOTIATE Response for that connection.

  • The SessionKey MUST be unique for a specified client/server SMB connection.

  • The SessionKey MUST remain valid for the lifetime of the SMB connection.

  • Once the SMB connection has been closed, the SessionKey value can be reused.

  • There are no restrictions on the permitted values of SessionKey. A value of 0x00000000 suggests, but does not require, that the server ignore the SessionKey.
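The constraints above, as an added example that is not part of the specification or of any server's code: an allocator that issues one 32-bit SessionKey per open connection, keeps it stable until close, and lets the value be reused afterwards. The names `SessionKeyAllocator`, `allocate`, `release` and `conn_id` are hypothetical. Enforcing uniqueness across all live connections, drawing values from a CSPRNG, and skipping 0x00000000 are assumptions of this sketch, not requirements of the text.

```python
import secrets
import threading


class SessionKeyAllocator:
    """Issues 32-bit opaque SessionKeys, one per live SMB connection (hypothetical helper)."""

    def __init__(self, rng=secrets.randbits, max_attempts=64):
        self._rng = rng                  # callable(bits) -> int, injectable for testing
        self._max_attempts = max_attempts
        self._lock = threading.Lock()    # connections are accepted concurrently
        self._by_conn = {}               # connection id -> SessionKey
        self._in_use = set()             # SessionKeys held by open connections

    def allocate(self, conn_id):
        """Return the SessionKey to place in the negotiate response for conn_id."""
        with self._lock:
            if conn_id in self._by_conn:
                # The key must remain valid for the lifetime of the connection.
                return self._by_conn[conn_id]
            for _ in range(self._max_attempts):
                key = self._rng(32) & 0xFFFFFFFF
                # Assumption: avoid 0, which suggests that the key is ignored,
                # and avoid any value held by another open connection.
                if key != 0 and key not in self._in_use:
                    self._by_conn[conn_id] = key
                    self._in_use.add(key)
                    return key
            raise RuntimeError("no free SessionKey found")

    def release(self, conn_id):
        """Call when the SMB connection closes; the value may then be reused."""
        with self._lock:
            key = self._by_conn.pop(conn_id, None)
            if key is not None:
                self._in_use.discard(key)
            return key


if __name__ == "__main__":
    alloc = SessionKeyAllocator()
    first = alloc.allocate("conn-1")     # constructed connection identifiers
    second = alloc.allocate("conn-2")
    print(f"conn-1: 0x{first:08X}  conn-2: 0x{second:08X}")
    alloc.release("conn-1")
```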