On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit
> blocks under a given key. That comes to ~275G bits, which means that
> on a GigE link running flat out you need to rekey at least every 5
> minutes, which is often impractical.

Notably, for those encrypting data at rest, it's also rather smaller than current hard disk sizes, which are much harder to re-key. (Even for those only encrypting data in flight, it has practical implications regarding the feasibility of capturing that data for later analysis.)

--
Dan.