[5229] in cryptography@c2.net mail archive
Re: Re-key: how often?
daemon@ATHENA.MIT.EDU (Rodney Thayer)
Tue Jul 27 10:07:33 1999
Date: Mon, 26 Jul 1999 16:55:07 -0700
To: Andy <amaslar@home.com>, Cryptography List <cryptography@c2.net>
From: Rodney Thayer <rodney@tillerman.nu>
In-Reply-To: <379CB531.59368186@home.com>
And you are doing this because you have an intense urge to
not use IPsec or some other predefined scheme...?
(If you think they don't work, that's a great answer,
and could you please elaborate...)
At 03:21 PM 7/26/99 -0400, Andy wrote:
>Greetings,
>
>I am designing a custom client-server database application with built-in
>encryption using a symmetrical alg. (maybe IDEA) with a session key that
>is exchanged using either D-H or RSA. My question is, how often should I
>generate a new key for each session? I was planning on generating a new
>key each time a client connects, to be used for the duration of that
>session, which could last anywhere from a few minutes to hours. Is this
>enough, or should I periodically generate a new key during the session?
>Is there a rule of thumb concerning how much info. can be sent/received
>before a key is considered "used up"?
>
>Thanks.
>
>-Andy
>
