3.1.4.3.3 DES Session-Key

If neither AES nor strong-key support is negotiated between the client and the server, the session key is computed by using the DES encryption algorithm in ECB mode, as specified in [FIPS81], as follows.

 ComputeSessionKey(SharedSecret, ClientChallenge, 
                   ServerChallenge)
  
      M4SS := MD4(UNICODE(SharedSecret))
  
      SET sum to ClientChallenge + ServerChallenge
      SET k1 to lower 7 bytes of the M4SS
      SET k2 to upper 7 bytes of the M4SS
      CALL DES_ECB(sum, k1, &output1)
      CALL DES_ECB(output1, k2, &output2)
      SET Session-Key to output2

The key produced without AES and strong-key support negotiated is 64 bits and is padded to 128 bits with zeros in the most-significant bits.