Re: bits of encryption

Fri, 11 Nov 2016 12:44:57 -0800 

On 11/11/2016 11:00 AM, Alice Wonder wrote:

On 11/11/2016 03:21 AM, li...@lazygranch.com wrote:

So is this level of encryption something openssl sets up? ‎That is
where do I set the parameter?

  Original Message
From: Sven Schwedas
Sent: Friday, November 11, 2016 3:15 AM
To: li...@lazygranch.com; postfix-users@postfix.org
Subject: Re: bits of encryption

On 2016-11-11 12:08, li...@lazygranch.com wrote:

That does explain a lot, but why when I "talk to myself" (send myself
email)
do I get a lower grade (less bits) of encryption than when another
server is
sending mail? Is there some parameter I need to set in postfix?‎


Which particular algorithm gets chosen is usually up to the TLS client
(which can be another server connecting to yours): At the start of the
connection, client and server tell each other what ciphers they support,
and the client picks one.

There's pros and cons to 128 bit and 256 bit ciphers (128 bit is good
enough and faster; 256 bit has more safety margin against *some* attacks
– but not all), some programs prefer one or the other. You'll have to
look up whether you can tell your particular client software to prefer
256 bit ciphers, if you want to.


Mozilla products often prefer 128-bit AES rather than 256-bit because of
concerns that 256-bit may make certain types of timing attacks easier.
The same may be true of other cipher suites.


*snip*
Correcting myself, I did a little reading. It's related key attacks where AES-128 is more secure than AES-256 but related key attacks require special conditions that often are not met (and I don't believe are met in a mail server) and even when they are met, related key attacks on AES-256 are not real-world realistic. 

http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions

and

https://en.wikipedia.org/wiki/Related-key_attack
are two of the sources I read. Point being AES-128 or AES-256 are both sufficient for security. The latter requires more CPU power than the former, but both are real world secure. Attackers would attack something other than the cipher.

Reply via email to