[Ach] Dovecot DH parameters

Leon Weber leon at leonweber.de
Wed Feb 11 13:04:38 CET 2015


On 10.02.2015 14:33:13, Hanno Böck wrote:
> There's no security advantage of eihter using pre-defined parameters by
> the application or your own. It just doesn't matter. If dovecot uses
> 1024 bit you should use your own.

Okay, thanks for the correction.

Then there’s still the issue Aaron mentioned: the possibility of my
generated parameters being insecure.

What’s the issue there, exactly?  Is that about small subgroup attacks,
which, afaik, can be prevented by using safe primes for generating the
parameters, or are there any other risks?

If there are risks with self-generated params, then I’d be interested to
learn what exactly these risks are, because the alternative would be to
use pre-generated params – which people would need to fetch from a
trustworthy source, which is non-trivial as well.

If not, then it should be safe to use self-generated params as long as
the implementation makes sure to use safe primes, right?  At least
openssl claims to do that.

Does that make some sense, or am I completely wrong here? :)

    -- Leon.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20150211/013589fb/attachment.sig>


More information about the Ach mailing list