On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit 
> blocks under a given key.  That comes to ~275G bits, which means that 
> on a GigE link running flat out you need to rekey at least every 5 
> minutes, which is often impractical. 

Notably for those encrypting data at rest, it's also rather smaller
than current hard disk sizes, which are much harder to re-key.

(Even for those only encrypting data in flight, it has practical
implications regarding the feasibility of capturing that data for later


Attachment: pgpeucg0rdznT.pgp
Description: PGP signature

Reply via email to