Am 07.02.2015 um 04:47 schrieb Reindl Harald: > > Am 06.02.2015 um 23:13 schrieb SW: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = </etc/dovecot.cert >>> ssl_key = </etc/dovecot.key >>> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 >>> Is what you want. >> >> Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = >> AES128+EECDH:AES128+EDH >> >> Before I made this change clients were connecting with the following >> cipher in the log file: >> >> ECDHE-ECDSA-AES256-SHA (256/256 bits) >> >> After the change the log now says: >> >> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) >> >> Is this an improvement (or more secure) despite going from 256bits to >> 128bits? > > yes it is because AES-GCM is currently the best cipher suite while there > is no point for AES256, if AES128 will fall then it likely affects > AES256 too and according to Brcue Schneier years ago AES128 has even > less problems then AES256 (too lazy for google it again) > Well, I am working in the crypto field and was a bit astonished about this "rant" - so a quick search brought up https://www.schneier.com/blog/archives/2009/07/another_new_aes.html - for those who want it more compact http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions.
Bottom line: AES256 *IS* better than AES128 for the intended usage but it is also true that AES-GCM rules out other AES based block ciphers for other kinds of attacks, so there is no "black or white" answer. To be honest, I wont worry on this - people who are in the position to break even a 128bit key will most likely find other ways to get into your mail communication ;) Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
