[Dovecot] 2048-bit Diffie-Hellman parameters

Stan Hoeppner stan at hardwarefreak.com
Tue Sep 24 12:21:36 EEST 2013

On 9/24/2013 1:48 AM, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key
> exchanges: a 512-bit one and a 1024-bit one. In light of recent
> events, I think it would be wise to add support for 2048-bit primes as
> well...

Why play incremental tiddly-winks with the NSA?  Go straight to 1048576
bit encryption.  That'll surely keep them out.  Oh, wait, all of your
email leaves and arrives via public SMTP, which nobody encrypts...

NSA doesn't sniff the wire.  They don't crack encryption.  Neither is
cost-effective.  They go straight to the source, intimidating the
service provider into giving them the data, unencrypted.  Or they don't
get the data at all.  So how does greater encryption help anyone "in
light of recent events"?


