Hi folks,
On Wed, 15 Jan 2014 at 23:36, Viktor Dukhovni wrote:
> Note, some Debian releases patched Exim to make it "more secure",
> thereby breaking TLS handshakes with most servers, and making Exim
> less secure when Exim falls back to cleartext delivery.
That is not true. The default of 1024 bit is insecure today. It will
just give you false security using such a short value. So it is only
consistent to increase the limit and not to use such keys.
However, I did not currently check the value in Debian and do not want
to say anything about any distributor. (I just see a general Debian hate
from some people on the list. But bashing doesn't help.)
My point is about a false feeling of security from using insecure key sizes.
Please have also a look at [0] and [1].
Regards
Klaus Ethgen
[0] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.5089
[1] http://web.archive.org/web/20120401053550/http://hp.kairaven.de/pgp/gpg/keylengths.html
-- 
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
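The argument above is about refusing DH parameters that are too short rather than accepting them for the sake of a handshake. An added example, not code from the thread or from Exim, shows the policy check a defender would run over a PEM "DH PARAMETERS" file (the PKCS#3 SEQUENCE { p, g } shape that `openssl dhparam` writes): parse the modulus, report its bit length, and reject anything under a configured minimum, which is the same idea Exim exposes as its tls_dh_min_bits option. The sample inputs are constructed inline: the well-known 1024-bit RFC 2409 group 2 prime (transcribed here; only its size matters) and a 2048-bit number that is not a real safe prime and exists only to exercise the size check.

```python
import base64
import re

# Well-known 1024-bit MODP prime from RFC 2409 ("Second Oakley Group"),
# transcribed here as sample input; only its bit length matters below.
RFC2409_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)

# Constructed 2048-bit modulus: NOT a real safe prime, only its size matters.
CONSTRUCTED_2048_P = (1 << 2047) | (1 << 2046) | 0x10001


def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value):
    """DER INTEGER for a non-negative value (pads with 0x00 if the top bit is set)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def make_dhparam_pem(p, g=2):
    """Build a PEM 'DH PARAMETERS' block (PKCS#3 SEQUENCE { p, g }) for sample input."""
    inner = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(inner)) + inner
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value at pos; return (value bytes, position after it)."""
    if pos >= len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    pos += 1
    first = buf[pos]
    pos += 1
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def parse_dhparam_pem(pem):
    """Return (p, g) from a PEM DH PARAMETERS block; extra optional fields are ignored."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    seq, _ = _read_tlv(der, 0, 0x30)
    p_bytes, pos = _read_tlv(seq, 0, 0x02)
    g_bytes, _ = _read_tlv(seq, pos, 0x02)
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_bits(pem):
    """Bit length of the DH modulus, which is what 'a 1024-bit group' refers to."""
    p, _ = parse_dhparam_pem(pem)
    return p.bit_length()


def check_dh_min_bits(pem, min_bits=2048):
    """Policy check: accept the parameters only if the modulus meets the minimum."""
    return dh_bits(pem) >= min_bits


SAMPLE_1024_PEM = make_dhparam_pem(RFC2409_GROUP2_P)
SAMPLE_2048_PEM = make_dhparam_pem(CONSTRUCTED_2048_P)

if __name__ == "__main__":
    for name, pem in (("group2", SAMPLE_1024_PEM), ("constructed", SAMPLE_2048_PEM)):
        verdict = "ok" if check_dh_min_bits(pem) else "REJECT (too short)"
        print("%s: %d-bit modulus -> %s" % (name, dh_bits(pem), verdict))
```

Point `parse_dhparam_pem` at the contents of a real parameter file to get the same verdict for a deployed configuration; the 1024-bit sample fails the 2048-bit minimum, which is exactly the trade-off the message argues for: a rejected handshake rather than one that only looks protected.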