>> Looking over it again, it turns out the Canadians are distrustful
>> of 128-bit crypto *in general*. None of them are approved for
>> periods longer than seven days.
>
> True, but that's not uncommon: OpenVPN in TLS mode renegotiates a
> new session key every hour by default. GnuPG generates new session
> keys with each message. Are there any common cryptographic
> implementations that would use the same symmetric key for long
> periods of time?

Point: this is probably not indicative of Canadian distrust in AES-128, CAST5, or 3DES, so much as it is the Canadians codifying an existing best practice. However, using the same symmetric key for long periods isn't at all uncommon. I last changed the passphrase on my key a little over a year ago, for instance, so I'm empirical evidence of at least one person who's been using a symmetric key for over a year. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users