On Tue, 15 Feb 2011 22:29:53 +0100, Christophe Nanteuil christophe.nanteuil@gmail.com wrote:
...
> For my own security, keys are rotated on a monthly basis.
Yes and, of course, you are sure that your random generator is better than the Debian one before May 2008...
This one's only used by other gpms, for openssl I use lava for years.
...
> Do you REALLY think that a brute force attack is what someone would use to gain access to YOUR data?
Depends on the (real) power you can bring to the table; and brute force is far from being the only possible attack; AND you can't have any idea of what will happen in the near future (new algorithms, new CPUs with calculation power multiplied by 1e8, for example) - in this case, the attacker just has to record streams and replay them when the maths/tech is ready.
It also depends on the footprints you leave behind you (web, MLs, forums, blogs, trash can, etc.), as the very first step of a serious attack is intelligence.
...
> Ever heard of 'forward secrecy'? ( http://en.wikipedia.org/wiki/Perfect_forward_secrecy )
I didn't know (or remember) it bore this name, but the principle is so obvious...
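Added illustration of the record-now-decrypt-later risk and of forward secrecy discussed in the thread (this is not part of the message above and not the poster's code). It uses a toy Diffie-Hellman group (the Mersenne prime 2^127 - 1 with generator 3) and a toy SHA-256 keystream cipher, both constructed here for readability and far too weak for real use; the function and variable names are this example's own. The static-key session lets an attacker who recorded the traffic decrypt it once the server's long-term key leaks; the ephemeral-key session does not, because the per-session key is discarded and the long-term key never enters the key derivation.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group, constructed for illustration only:
# the Mersenne prime 2^127 - 1 with generator 3. Far too small for real use.
P = 2**127 - 1
G = 3


def dh_public(private: int) -> int:
    return pow(G, private, P)


def dh_shared_key(private: int, peer_public: int) -> bytes:
    """Derive a 32-byte session key from the DH shared secret."""
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks. Symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class RecordedSession:
    """What a passive attacker can capture off the wire and keep for later."""
    client_pub: int
    server_pub: int
    ciphertext: bytes


def run_static_session(server_longterm_priv: int, message: bytes) -> RecordedSession:
    """Server uses its long-term DH key directly: no forward secrecy."""
    client_priv = secrets.randbelow(P - 2) + 1
    client_pub = dh_public(client_priv)
    server_pub = dh_public(server_longterm_priv)
    # Both sides arrive at the same session key.
    k_client = dh_shared_key(client_priv, server_pub)
    k_server = dh_shared_key(server_longterm_priv, client_pub)
    assert k_client == k_server
    return RecordedSession(client_pub, server_pub, keystream_xor(k_client, message))


def run_ephemeral_session(server_longterm_priv: int, message: bytes) -> RecordedSession:
    """Server uses a fresh per-session DH key (ephemeral DH): forward secrecy.

    In a real protocol the long-term key would sign the ephemeral public value
    to authenticate it; it never enters the key derivation, and the ephemeral
    private key is gone when this function returns.
    """
    client_priv = secrets.randbelow(P - 2) + 1
    server_eph_priv = secrets.randbelow(P - 2) + 1
    client_pub = dh_public(client_priv)
    server_pub = dh_public(server_eph_priv)
    k_client = dh_shared_key(client_priv, server_pub)
    k_server = dh_shared_key(server_eph_priv, client_pub)
    assert k_client == k_server
    return RecordedSession(client_pub, server_pub, keystream_xor(k_client, message))


def decrypt_later_with_stolen_key(session: RecordedSession, stolen_server_priv: int) -> bytes:
    """Replay a recorded exchange once the server's long-term key has leaked.

    This only recovers the plaintext if the recorded server_pub was derived
    from that key; with an ephemeral server key it yields garbage.
    """
    key = dh_shared_key(stolen_server_priv, session.client_pub)
    return keystream_xor(key, session.ciphertext)


def forward_secrecy_demo(message: bytes = b"keys rotated monthly") -> dict:
    """Record both kinds of session, then leak the long-term key and compare."""
    server_longterm_priv = secrets.randbelow(P - 2) + 1
    static = run_static_session(server_longterm_priv, message)
    ephemeral = run_ephemeral_session(server_longterm_priv, message)
    # Years later: the long-term key is compromised (or the maths catches up).
    return {
        "static_recovered": decrypt_later_with_stolen_key(static, server_longterm_priv) == message,
        "ephemeral_recovered": decrypt_later_with_stolen_key(ephemeral, server_longterm_priv) == message,
    }


if __name__ == "__main__":
    print(forward_secrecy_demo())
```

Monthly rotation of the long-term key only shortens the window of traffic exposed by a leak; the ephemeral exchange is what removes the recorded traffic from the attacker's reach in the first place.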