[Ach] 9.2.1 Dovecot, some additions, questions
christian mock
cm at coretec.at
Wed Nov 20 16:42:14 CET 2013
On Tue, Nov 19, 2013 at 10:40:52PM +0100, Pepi Zawodsky wrote:
>
> On 19.11.2013, at 22:37, L. Aaron Kaplan <kaplan at cert.at> wrote:
> >> ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
> >> Does 24h sound reasonable? More or less?
> > For a typical server yes, for an embedded device no.
> Dovecot on embedded systems is a thing?
Firstly: does it really make sense to regularily regenerate dhparams
at all?
I know it makes sense to generate them yourself, but once should be
enough, shouldn't it?
Then, don't forget many people are running their (internet-facing)
home servers on power-efficient small boxes, such as ARM-based NASes
or raspberry pi.
e.g.:
openssl dhparam -5 512
i7-3630QM: <1 sec
raspberry pi: 1m 30s
openssl dhparam -5 1024
i7-3630QM: 18s
raspberry pi: 9m 17s
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
More information about the Ach
mailing list