When an application uses the CryptHashSessionKey function to hash a session key, only the base key material should be hashed. For a 40-bit key, this will be 5 bytes of data.
The key should be hashed in big endian byte order. For example, if the RSA Base Cryptographic Provider were used to create and hash a session key that had a value of "4a 3a ee 77 37", then the bytes would need to be reversed before the hashing operation is performed. In this example, the following hash values would be produced:
MD5: 0b 15 55 0a a0 03 f9 3f 75 82 f7 e7 91 32 bc 8c
SHA: 3c 37 72 93 53 ff 2a 4f ef 12 54 18 5b 3a c4 63 03 fd 07 5d