"Against Rekeying"

[John Ioannidis]

I think the problem is more marketing and less technology. Some 
marketoid somewhere decided to say that their product supports rekeying 
(they usually call it "key agility"). Probably because they read 
somewhere that you should change your password frequently (another 
misconception, but that's for another show).

Also, there's a big difference between rekeying communications protocols 
and rekeying for stored data. Again, the marketoids don't understand 
this. When I was working for a startup that was making a system which 
included an encrypted file system, people kept asking us about rekeying, 
because "everybody has it".

/ji

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com