And you are doing this because you have an intense urge to
not use IPsec or some other predefined scheme...?
(If you think they don't work, that's a great answer,
and could you please elaborate...)
At 03:21 PM 7/26/99 -0400, Andy wrote:
>Greetings,
>
>I am designing a custom client-server database application with built-in
>encryption using a symmetrical alg. (maybe IDEA) with a session key that
>is exchanged using either D-H or RSA. My question is, how often should I
>generate a new key for each session? I was planning on generating a new
>key each time a client connects, to be used for the duration of that
>session, which could last anywhere from a few minutes to hours. Is this
>enough, or should I periodically generate a new key during the session?
>Is there a rule of thumb concerning how much info. can be sent/received
>before a key is considered "used up"?
>
>Thanks.
>
>-Andy
>
