Greetings,
I am designing a custom client-server database application with built-in
encryption using a symmetrical alg. (maybe IDEA) with a session key that
is exchanged using either D-H or RSA. My question is, how often should I
generate a new key for each session? I was planning on generating a new
key each time a client connects, to be used for the duration of that
session, which could last anywhere from a few minutes to hours. Is this
enough, or should I periodically generate a new key during the session?
Is there a rule of thumb concerning how much info. can be sent/received
before a key is considered "used up"?
Thanks.
-Andy
