Am 07.02.2015 um 04:47 schrieb Reindl Harald:
Am 06.02.2015 um 23:13 schrieb SW:
According to https://cipherli.st/
ssl = yes ssl_cert = Dovecot 2.2.6 Is what you want.
Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = AES128+EECDH:AES128+EDH
Before I made this change clients were connecting with the following cipher in the log file:
ECDHE-ECDSA-AES256-SHA (256/256 bits)
After the change the log now says:
ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Is this an improvement (or more secure) despite going from 256bits to 128bits?
yes it is because AES-GCM is currently the best cipher suite while there is no point for AES256, if AES128 will fall then it likely affects AES256 too and according to Brcue Schneier years ago AES128 has even less problems then AES256 (too lazy for google it again)
Well, I am working in the crypto field and was a bit astonished about this "rant" - so a quick search brought up https://www.schneier.com/blog/archives/2009/07/another_new_aes.html - for those who want it more compact http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-an....
Bottom line: AES256 *IS* better than AES128 for the intended usage but it is also true that AES-GCM rules out other AES based block ciphers for other kinds of attacks, so there is no "black or white" answer. To be honest, I wont worry on this - people who are in the position to break even a 128bit key will most likely find other ways to get into your mail communication ;)
Oliver
-- Protect your environment - close windows and adopt a penguin!