At 03:21 PM 7/26/99 -0400, Andy wrote:
> My question is, how often should I generate a new key for each session?
>Is there a rule of thumb concerning how much info. can be sent/received
>before a key is considered "used up"?
The rule of thumb is to re-key before the value of what you are protecting
exceeds the cost of breaking your key. That makes the economics of
breaking the session work in your favor.
For most real world applications, the length of a logon session
which ranges "anywhere from a few minutes to hours" is easily
protected with one 128 bit key.
The EFF machine can break DES-56 in less time than your sessions,
so unless the thing your protecting is pretty cheap, DES-56 is too
weak. DES-40 is too weak for anything.
Hope this helps.
Pat
Pat Farrell CyberCash, Inc. (703) 715-7834
[EMAIL PROTECTED]
#include standard.disclaimer
