[Ach] 9.2.1 Dovecot, some additions, questions

christian mock cm at coretec.at
Wed Nov 20 16:42:14 CET 2013

On Tue, Nov 19, 2013 at 10:40:52PM +0100, Pepi Zawodsky wrote:
> On 19.11.2013, at 22:37, L. Aaron Kaplan <kaplan at cert.at> wrote:
> >> ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
> >> Does 24h sound reasonable? More or less?
> > For a typical server yes, for an embedded device no.
> Dovecot on embedded systems is a thing? 

Firstly: does it really make sense to regularily regenerate dhparams
at all? 

I know it makes sense to generate them yourself, but once should be
enough, shouldn't it?

Then, don't forget many people are running their (internet-facing)
home servers on power-efficient small boxes, such as ARM-based NASes
or raspberry pi.


openssl dhparam -5 512
i7-3630QM:     <1 sec
raspberry pi: 1m 30s

openssl dhparam -5 1024
i7-3630QM:    18s
raspberry pi:  9m 17s

Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list