Defaults

Robert J. Hansen rjh at sixdemonbag.org
Wed Mar 18 00:09:44 CET 2015


>> Looking over it again, it turns out the Canadians are distrustful
>> of 128-bit crypto *in general*.  None of them are approved for
>> periods longer than seven days.
> 
> True, but that's not uncommon: OpenVPN in TLS mode renegotiates a
> new session key every hour by default. GnuPG generates new session
> keys with each message. Are there any common cryptographic
> implementations that would use the same symmetric key for long
> periods of time?

Point: this is probably not indicative of Canadian distrust in AES-128,
CAST5, or 3DES, so much as it is the Canadians codifying an existing
best practice.

However, using the same symmetric key for long periods isn't at all
uncommon.  I last changed the passphrase on my key a little over a year
ago, for instance, so I'm empirical evidence of at least one person
who's been using a symmetric key for over a year.  :)

