Florian Weimer wrote:
> * Ralf G. R. Bergs:
>
>> I posted about this problem into the Opera forum (see
>> http://my.opera.com/community/forums/topic.dml?id=167205), and received
>> the following reply from one of the Opera developers:
>>
>> <quote>
> [...]
>> IMO the length of that key should match the keylength of the
>> certificate, but to get level 3 encryption it must be at least 1024 bits
>> long.
>> </quote>
>
> You cannot directly compare the RSA and DH bit counts, the underlying
> mathematical problems are not the same (discrete logarithms are
> harder). There is one prominent study that treats them as equivalent,
> but their model is more or less pulled out of thin air. We simply do
> not know enough about cryptography to give definite advice on key
> lengths.
>
> But perhaps we should change src/tls-gnu.c and increase this constant:
>
> #define DH_BITS 768
>
> NIST recommends to use 1024 bits. BSI (the German one, not the
> British) recommends 1280 bits. Both do not really differentiate
> between ephemeral session keys and long-term keys. But bumping the

But it makes quite a difference how you use them... :-)

> value is easy and probably the right thing to do from a PR angle.

I doubt that it's a good idea to just change something to look good
from a PR point of view. :-)

What I *do* consider important, tho, is that we get the Opera guys and
Exim to agree upon what is safe and what is unsafe. What do you think
about this?
