Re: [exim] Diffie-Hellman?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Klaus Ethgen
Date:  
À: exim-users
Sujet: Re: [exim] Diffie-Hellman?
Hi folks,

Am Mi den 15. Jan 2014 um 23:36 schrieb Viktor Dukhovni:
> Note, some Debian releases patched Exim to make it "more secure",
> thereby breaking TLS handshakes with most servers, and making Exim
> less secure when Exim falls back to cleartext delivery.


That is not true. The default of 1024 bit is insecure today. It will
just give you false security using such a short value. So it is just
consequent increasing the limit and not using such keys.

However, I did not currently check the value in debian or want to say
any about any distributor. (I just see a general debian hate from some
people on the list. But bashing doesn't help.)

My point is about a false security feeling using unsecure key sizes.
Please have also a look at [0] and [1].

Regards
Klaus Ethgen

[0] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.5089
[1] http://web.archive.org/web/20120401053550/http://hp.kairaven.de/pgp/gpg/keylengths.html
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C