In message <42274A0C.5010403@criticalmagic.com>, Richard Coleman writes:

>For instance, the NIST specification for AES and CCM mode (NIST Special 
>Publication 800-38C) specifically states that you must limit the number 
>of invocations of the block cipher (specifically AES) to 2^61.  Now, I 
>realize that is an upper bound.  But even after removing several orders 
>of magnitude, that leaves a huge amount of material you can encrypt with 
>a single key.
>
>Just throwing out a data point.

This would be much more interesting if you qouted the number they will
say ten and twenty years from now.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.