How often should an encrypted session be rekeyed?

Sean Chittenden sean at chittenden.org
Fri Apr 18 13:58:21 PDT 2003


> > Using OpenSSL, is there a preferred/recommended rate of rekeying
> > an encrypted stream of data?  Does OpenSSL handle this for
> > developers behind the scenes?  Does it even need to be rekeyed?
> 
> "Depends". I recommend the O'Reilly book on OpenSSL for this and
> related OpenSSL programming docs.
> 
> ISBN: 0-596-00270-X

Thanks, I may have to stop through B&N tonight.  I know it depends on
the strength of the cypher, the data transferred, and time between the
last rekeying, but I was wondering on what scale this should happen.
Once an hour?  Once every X bytes?  Does OpenSSL handle this for
developers? I looked at OpenSSH and mod_ssl and couldn't find any
indication as to how often things are rekeyed beyond "whenever the
client requests it," but looking at client code didn't tell me much
either.

Do you know of any online URLs with useful bits?  -sc

-- 
Sean Chittenden

