[Dovecot] 2048-bit Diffie-Hellman parameters
Stan Hoeppner
stan at hardwarefreak.com
Tue Sep 24 12:21:36 EEST 2013
On 9/24/2013 1:48 AM, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key
> exchanges: a 512-bit one and a 1024-bit one. In light of recent
> events, I think it would be wise to add support for 2048-bit primes as
> well...

Why play incremental tiddly-winks with the NSA? Go straight to 1048576
bit encryption. That'll surely keep them out. Oh, wait, all of your
email leaves and arrives via public SMTP, which nobody encrypts...

NSA doesn't sniff the wire. They don't crack encryption. Neither is
cost effective. They go straight to the source, intimidating the
service provider into giving them the data, unencrypted. Or they don't
get the data at all. So how does greater encryption help anyone "in
light of recent events"?
--
Stan