On 9/24/2013 1:48 AM, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key exchanges: a 512-bit one and a 1024-bit one. In light of recent events, I think it would be wise to add support for 2048-bit primes as well...
Why play incremental tiddly-winks with the NSA? Go straight to 1048576 bit encryption. That'll surely keep them out. Oh, wait, all of your email leaves and arrives via public SMTP, which nobody encrypts...
NSA doesn't sniff the wire. They don't crack encryption. Neither is cost-effective. They go straight to the source, intimidating the service provider into giving them the data, unencrypted. Or they don't get the data at all. So how does greater encryption help anyone "in light of recent events"?
-- Stan