Robert J. Hansen rjh at
Thu Jan 26 19:48:34 CET 2017

> For example OpenSSH does a rekeying not later than 4 GiByte even for 128
> bit block length ciphers.

The 256GiB limitation (2**32 blocks of 2**6 bytes = 2**38 bytes; 2**30 is a
gibibyte, 2**8 is 256, hence, 256 GiB) is so well-known that it appears
multiple times in the GnuPG FAQ, even.  All the 64-bit-block ciphers have
notations of "don't encrypt more than about 4GiB of data".

(If people are wondering why we advise 4GiB when the birthday bound is
256GiB, it's because we want a large safety margin.)
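
An added example, not part of the original message: the birthday approximation for the chance that two cipher blocks coincide, checked by simulation on a toy 16-bit block and then evaluated at the 2**32-block bound and at 4 GiB. It assumes blocks behave as uniformly random values; the function names are made up for this sketch.

```python
import math
import random

GIB = 2**30

def collision_probability(num_blocks, block_bits):
    """Birthday approximation 1 - exp(-q(q-1) / 2^(n+1)) for q random n-bit blocks."""
    # expm1 keeps precision when the probability is tiny (128-bit case).
    return -math.expm1(-num_blocks * (num_blocks - 1) / 2.0 ** (block_bits + 1))

def blocks_in(data_bytes, block_bits):
    """Number of cipher blocks needed to cover data_bytes."""
    return data_bytes // (block_bits // 8)

def simulate(num_blocks, block_bits, trials=2000, seed=1):
    """Empirical collision rate; only practical for toy block sizes."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(num_blocks):
            block = rng.getrandbits(block_bits)  # assumption: uniform blocks
            if block in seen:
                hits += 1
                break
            seen.add(block)
    return hits / trials

if __name__ == "__main__":
    # Toy 16-bit block: the birthday bound is 2**8 = 256 blocks.
    for q in (32, 256, 1024):
        print(f"16-bit, {q:5d} blocks: model {collision_probability(q, 16):.3f}"
              f"  simulated {simulate(q, 16):.3f}")
    # 64-bit block at the 2**32-block bound.
    print(f"64-bit, 2**32 blocks: {collision_probability(2**32, 64):.3f}")
    # The 4 GiB advice, for 64-bit and 128-bit block ciphers.
    for bits in (64, 128):
        q = blocks_in(4 * GIB, bits)
        print(f"{bits}-bit, 4 GiB = {q} blocks: {collision_probability(q, bits):.3g}")
```
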

