5.3.5 Initial Session Key Generation

RDP uses three symmetric session keys derived from the client and server random values (section 5.3.4). Client-to-server traffic is encrypted with one of these keys (known as the "client's encryption key" and "server's decryption key"), server-to-client traffic with another (known as the "server's encryption key" and "client's decryption key") and the final key is used to generate a MAC over the data to help ensure its integrity. The generated keys are 40, 56, or 128 bits in length.