Hi all, the IM Observatory displays use of the DHE key exchange and there is a note "Ephemeral Diffie-Hellman is a key exchange algorithm with forward secrecy. The security depends on the Diffie-Hellman parameters used by the server". But the actual strength of the DH parameters is not displayed.
This information is quite important because during DHE key exchange a temporary key is generated. This temporary key is used for encryption of the communication, and the server public RSA key is used ONLY for signing this temporary key and NOT for encryption of the communication. The problem is that in many cases the temporary key is much shorter than the server RSA key. For example, the server jabber.ccc.de uses a 2048 bit RSA public key, but the length of the temporary key is only 1024 bit. The public key score is 90, cipher score is 90: http://xmpp.net/result.php?domain=jabber.ccc.de&type=server

Many administrators enable forward secrecy, but because they set incorrect DH parameters they weaken the encryption. Please display the actual strength of DH parameters and use it also to calculate the score.

https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
https://wiki.openssl.org/index.php/Diffie_Hellman
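An added example (not part of the post above, and not code from the IM Observatory or xmpp.net) of the check the post is asking for: take the `Server public key is N bit` and `Server Temp Key: ...` lines that `openssl s_client` (1.0.2 or newer) prints, map both sizes to an approximate security strength using the NIST SP 800-57 finite-field and elliptic-curve estimates, and report the minimum as the effective strength of the session. The two `s_client` excerpts are constructed samples that mirror the 2048-bit RSA / 1024-bit DH case described in the post, not real captures from jabber.ccc.de; the strength table is an approximation, not an exact figure.

```python
import re

# Constructed sample of `openssl s_client -starttls xmpp -connect <host>:5222 < /dev/null`
# output (illustrative, not a capture from jabber.ccc.de). Only the lines we parse
# are shown; real output also contains the certificate chain and cipher details.
SAMPLE_DHE_1024 = """\
Server public key is 2048 bit
Secure Renegotiation IS supported
Server Temp Key: DH, 1024 bits
"""

# Constructed sample of a server that negotiates ECDHE on P-256 instead.
SAMPLE_ECDHE_P256 = """\
Server public key is 2048 bit
Server Temp Key: ECDH, P-256, 256 bits
"""

# Approximate security strength (bits) of a finite-field modulus (RSA or DH),
# per NIST SP 800-57 Part 1, Table 2. Sizes between table entries round down.
FFC_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]


def ffc_strength(modulus_bits):
    """Security strength of an RSA or finite-field DH modulus of this size."""
    strength = 0
    for size, bits in FFC_STRENGTH:
        if modulus_bits >= size:
            strength = bits
    return strength


def ec_strength(curve_bits):
    """An elliptic-curve key offers roughly half its size in security strength."""
    return curve_bits // 2


def parse_sclient(output):
    """Extract (certificate key bits, ephemeral key kind, ephemeral key bits)."""
    pub = re.search(r"^Server public key is (\d+) bit", output, re.M)
    # Matches "DH, 1024 bits", "ECDH, P-256, 256 bits" and "X25519, 253 bits".
    tmp = re.search(r"^Server Temp Key: (\w+)(?:, \S+)?, (\d+) bits", output, re.M)
    if not pub or not tmp:
        raise ValueError("key size lines not found; is this openssl >= 1.0.2 output?")
    return int(pub.group(1)), tmp.group(1), int(tmp.group(2))


def assess(output):
    """Return per-key strengths and the effective strength of the session.

    The signing (RSA) key only authenticates the exchange; the temporary key is
    what protects the traffic, so the session is only as strong as the weaker one.
    """
    rsa_bits, kind, tmp_bits = parse_sclient(output)
    rsa_str = ffc_strength(rsa_bits)
    tmp_str = ffc_strength(tmp_bits) if kind == "DH" else ec_strength(tmp_bits)
    return {
        "rsa_bits": rsa_bits,
        "rsa_strength": rsa_str,
        "temp_kind": kind,
        "temp_bits": tmp_bits,
        "temp_strength": tmp_str,
        "effective_strength": min(rsa_str, tmp_str),
        # True when the DH parameters drag the session below the RSA key's level
        "dh_weakens_session": tmp_str < rsa_str,
    }


if __name__ == "__main__":
    for name, sample in (("DHE 1024", SAMPLE_DHE_1024), ("ECDHE P-256", SAMPLE_ECDHE_P256)):
        print(name, assess(sample))
```

To run it against a live server, pipe the real `openssl s_client -starttls xmpp -connect host:5222 < /dev/null 2>&1` output into `assess()`; a result with `dh_weakens_session` set is exactly the case the post describes, where a 2048-bit certificate key scores well while the 1024-bit DH group only provides roughly 80 bits of security.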
