Defaults
Robert J. Hansen
rjh at sixdemonbag.org
Wed Mar 18 00:09:44 CET 2015
>> Looking over it again, it turns out the Canadians are distrustful
>> of 128-bit crypto *in general*. None of them are approved for
>> periods longer than seven days.
>
> True, but that's not uncommon: OpenVPN in TLS mode renegotiates a
> new session key every hour by default. GnuPG generates new session
> keys with each message. Are there any common cryptographic
> implementations that would use the same symmetric key for long
> periods of time?

Point: this is probably not indicative of Canadian distrust in AES-128,
CAST5, or 3DES, so much as it is the Canadians codifying an existing
best practice.

However, using the same symmetric key for long periods isn't at all
uncommon. I last changed the passphrase on my key a little over a year
ago, for instance, so I'm empirical evidence of at least one person
who's been using a symmetric key for over a year. :)