3.1.4.3.3 DES Session-Key
If neither AES nor strong-key support is negotiated between the client and the server, the session key is computed by using the DES encryption algorithm in ECB mode, as specified in [FIPS81], as follows.
-
ComputeSessionKey(SharedSecret, ClientChallenge, ServerChallenge) M4SS := MD4(UNICODE(SharedSecret)) SET sum to ClientChallenge + ServerChallenge SET k1 to lower 7 bytes of the M4SS SET k2 to upper 7 bytes of the M4SS CALL DES_ECB(sum, k1, &output1) CALL DES_ECB(output1, k2, &output2) SET Session-Key to output2
The key produced without AES and strong-key support negotiated is 64 bits and is padded to 128 bits with zeros in the most-significant bits.