Comment by alphager

1 year ago

AES can only encrypt up to 64TB; after that you need to re-key. So you need a mechanism for rekeying anyway. Definitely a good idea to use a battle-tested tool like WireGuard instead of rolling your own.

>AES can only encrypt up to 64TB

I've never heard that before. Are you referring to a specific mode of operation?

  • I think alphager is referring to the upper limits of AES before a birthday attack becomes a concern. In GCM mode there's a realistic chance of an IV being reused after around 64GB of data. Other modes have differing limits.
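An added example, not part of any comment in this thread: a per-key usage budget for AES-GCM that uses the birthday bound to decide when to rekey. It assumes random 96-bit nonces and a collision-risk ceiling of 2^-32; the names `collision_probability`, `max_messages` and `KeyBudget` are hypothetical.

```python
import math

NONCE_BITS = 96                  # assumed: standard 96-bit GCM IV, chosen at random
MAX_MSG_BYTES = 2**36 - 32       # GCM per-message plaintext limit (2^39 - 256 bits)

def collision_probability(messages, nonce_bits=NONCE_BITS):
    """Birthday approximation of P(two random nonces collide) among `messages`."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny probabilities
    return -math.expm1(-messages * (messages - 1) / 2 ** (nonce_bits + 1))

def max_messages(max_risk, nonce_bits=NONCE_BITS):
    """Largest message count whose collision probability stays <= max_risk."""
    lo, hi = 1, 2 ** nonce_bits
    while lo < hi:                       # binary search on a monotonic function
        mid = (lo + hi + 1) // 2
        if collision_probability(mid, nonce_bits) <= max_risk:
            lo = mid
        else:
            hi = mid - 1
    return lo

class KeyBudget:
    """Counts messages sealed under one key and reports when to rekey."""
    def __init__(self, max_risk=2**-32):     # assumed risk ceiling
        self.limit = max_messages(max_risk)
        self.used = 0

    def reserve(self, msg_len):
        """Return True if one more message may be sealed under the current key."""
        if msg_len > MAX_MSG_BYTES:
            raise ValueError("message exceeds the GCM per-message limit; split it")
        if self.used >= self.limit:
            return False                     # caller must rekey first
        self.used += 1
        return True

    def rekey(self):
        """Call after installing a fresh key; the nonce budget starts over."""
        self.used = 0

if __name__ == "__main__":
    budget = KeyBudget()
    print("messages per key at 2^-32 risk:", budget.limit)
    print("collision risk after 2^32 messages:", collision_probability(2**32))
```
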

Umm... IPsec?

  • Truly. I think IPsec is practically more "battle tested" than WireGuard ever could be, and IPsec offers more useful functionality than WireGuard ever will.