[Ach] 9.2.1 Dovecot, some additions, questions

christian mock cm at coretec.at
Wed Nov 20 17:42:30 CET 2013

On Wed, Nov 20, 2013 at 05:08:55PM +0100, Adi Kriegisch wrote:

> > Firstly: does it really make sense to regularily regenerate dhparams
> > at all? 
> As you want your ephemeral keys to be mostly unique (especially for many
> sessions), yes, I think so.

To *re*generate them every week? 

The dhparams file contains the prime and the generator, which both are
public anyways... The private key has to be generated afresh for every
key exchange.


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list