Re: WELCOME to secureshell@securityfocus.com
From: Eric Puryear (epuryear_at_gmail.com)
Date: 08/19/05
Date: Fri, 19 Aug 2005 15:05:29 -0500 To: secureshell@securityfocus.com
Greetings everyone. I have a question about ssh rekeying that I
haven't been able to find much discussion about: Are there any
security disadvantages or risks with extremely frequent rekeying?
I know there is a risk of collisions if you don't rekey frequently
enough, but is rekeying every 1 minute or even more frequently bad?
My guess would be that it is not bad, but I wonder if having that many
session keys generated would increase the risk of a collision in the
same way that having too many packets sent between rekeying does. If
this risk of collisions was true, does that mean that changing
public/private key pairs would reduce this risk, or would one have to
change the server's keys as well?
One note: I am not concerned with the computational or network
overhead of very frequent rekeying – just the security implications.
Thanks :)
Eric