Which of the following best describes Key Derivation Functions (KDFs)?

A.
Keys are generated from a master key.

B.
Session keys are generated from each other.

C.
Asymmetric cryptography is used to encrypt symmetric keys.

D.
A master key is generated from a session key.

Explanation:
A: For complex keys to be generated, commonly a master key is created and then symmetric keys (subkeys) are generated from it. Key Derivation Functions (KDFs) derive
encryption keys from a secret value. The secret value can be a master key, passphrase, or password. KDFs are used to help ensure the randomness of the key values to make it
harder for the attacker to uncover them. The KDF commonly uses a pseudorandom number generator with the secret value to make each encryption key unique.
B is incorrect because session keys are commonly generated from the master keynot from each other. For example, if an application is responsible for creating a session key for
each subject that requests one, it should not be giving out the same instance of that one key. Different systems need to have different symmetric keys to ensure that the window for the
bad guy to capture and uncover that key is smaller than if the same key is used over and over again. When two or more keys are created from a master key, they are called subkeys.
C is incorrect because the encryption of keys has nothing to do with KDFs. KDF pertains to the procedures of creating unique and strong encryption keys. KDF helps to ensure that
enough randomness is involved when generating new keys so that the attacker has a harder time uncovering them.
D is incorrect because the statement is backward. A session key is commonly generated from a master key. When keys are generated from an original value, as in a master key, the
resulting keys are referred to as subkeys or subsession keys.