[5224] in cryptography@c2.net mail archive
Re-key: how often?
daemon@ATHENA.MIT.EDU (Andy)
Mon Jul 26 15:38:12 1999
Date: Mon, 26 Jul 1999 15:21:21 -0400
From: Andy <amaslar@home.com>
To: Cryptography List <cryptography@c2.net>
Greetings,
I am designing a custom client-server database application with built-in
encryption using a symmetrical alg. (maybe IDEA) with a session key that
is exchanged using either D-H or RSA. My question is, how often should I
generate a new key for each session? I was planning on generating a new
key each time a client connects, to be used for the duration of that
session, which could last anywhere from a few minutes to hours. Is this
enough, or should I periodically generate a new key during the session?
Is there a rule of thumb concerning how much info. can be sent/received
before a key is considered "used up"?
Thanks.
-Andy
