similar to: FREAK/Logjam, and SSL protocols to use

>It is not at this point emphasized anywhere, including on weakdh.org, that it is actually of high importance to regenerate your DH parameters frequently. That's not really correct. If you're using a prime of length at least 2048 bits, then the corresponding discrete-log problem is well-beyond the pre-computation ability of the NSA (or anyone else). It is computationally intensive to

>But when you write NOT to regenerate, are you saying that using larger primes makes regenerating unnecessary, or are you telling us that it's somehow harmful? For a given computational effort, you get the most bang-for-the-buck by choosing large parameters (and checking very carefully that they are "safe") rather than smaller parameters (and/or checking them less carefully)

On 05/26/2015 10:37 AM, Ron Leach wrote: > > https://weakdh.org/sysadmin.html > > includes altering DH parameters length to 2048, and re-specifying the > allowable cipher suites - they give their suggestion. It looks like there is an error on this page regarding regeneration. In current dovecots ssl_parameters_regenerate defaults to zero, and this means regeneration is

On 05/27/2015 09:55 AM, Rick Romero wrote: > Quoting Gedalya <gedalya at gedalya.net>: > >> On 05/26/2015 10:37 AM, Ron Leach wrote: >>> https://weakdh.org/sysadmin.html >>> >>> includes altering DH parameters length to 2048, and re-specifying the >>> allowable cipher suites - they give their suggestion. >> >> It looks like there

On 27/05/2015 05:22, Gedalya wrote: > It looks like there is an error on this page regarding regeneration. > In current dovecots ssl_parameters_regenerate defaults to zero, and > this means regeneration is disabled. The old default was 168 hours (1 > week). > The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is > confusing and could be understood to mean that the

Quoting Gedalya <gedalya at gedalya.net>: > On 05/27/2015 09:55 AM, Rick Romero wrote: >> Quoting Gedalya <gedalya at gedalya.net>: >> >>> On 05/26/2015 10:37 AM, Ron Leach wrote: >>>> https://weakdh.org/sysadmin.html >>>> >>>> includes altering DH parameters length to 2048, and re-specifying the >>>> allowable

Quoting Gedalya <gedalya at gedalya.net>: > On 05/26/2015 10:37 AM, Ron Leach wrote: >> https://weakdh.org/sysadmin.html >> >> includes altering DH parameters length to 2048, and re-specifying the >> allowable cipher suites - they give their suggestion. > > It looks like there is an error on this page regarding regeneration. In > current dovecots

List, good afternoon, I was reading up on a TLS Diffie Hellman protocol weakness described here https://weakdh.org/sysadmin.html which is similar to the earlier FREAK attack, and can result in downgrade of cipher suites. Part of the solution workaround that the researchers describe for Dovecot here https://weakdh.org/sysadmin.html includes altering DH parameters length to 2048, and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here's the output from running sshd in debug mode: debug1: sshd version OpenSSH_3.7p1 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: setgroups() failed:

> *** openbsd-compat/bsd-nextstep.h.orig Sun Feb 4 00:16:16 2001 > --- openbsd-compat/bsd-nextstep.h Sun Feb 4 00:19:09 2001 > *************** > *** 48,52 **** > --- 48,56 ---- > speed_t cfgetispeed(const struct termios *t); > int cfsetospeed(struct termios *t, int speed); > int cfsetispeed(struct termios *t, int speed); > + > + /* LIMITS */ > + #define

Are there any plans to include support for SRP or a similar zero-knowledge password protocol into OpenSSH? -- Jeremy

On MacOSX 10.6, I get: ld: duplicate symbol _cmd_batch in dsync/.libs/libdsync.a(doveadm-dsync.o) and doveadm-mail-batch.o for architecture x86_64 collect2: ld returned 1 exit status make[4]: *** [doveadm] Error 1 when compiling Dovecot 2.2.0. By contrast, 2.1.16 compiled (and runs) just fine. I'm surprised that this hasn't cropped up elsewhere.

Got a /usr/local/include/dovecot/mail-deliver.h:30:17: error: field has incomplete type 'struct timeval' struct timeval delivery_time_started; ^ error. This is because mail-deliver.h in dovecot-2.2.17 is missing an #include <sys/time.h> Adding that line to mail-deliver.h fixes the problem. Oddly, I had no problem compiling dovecot

Darwin doesn't have an EDEADLOCK error code, so compilation fails on MacOSX: file-lock.c:214:16: error: use of undeclared identifier 'EDEADLOCK' if (errno == EDEADLOCK) ^ file-lock.c:262:16: error: use of undeclared identifier 'EDEADLOCK' if (errno == EDEADLOCK) ^ 2 errors

duplicate symbol _vnd_environment_extension in: ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment.o) ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment-items.o) duplicate symbol _vnd_environment_extension in:

Hello, Does the recent Logjam[1] vulnerability affect Tinc? The security section of the Tinc website says: "Although tinc uses the OpenSSL library, it does not use the SSL protocol to establish connections between daemons" What would that mean, specifically, in regards to Logjam? Thank you for your time and for providing a great piece of VPN software! [1]

An update: I found that the "ADD32: output is not int:" messages are caused by the enhancer. When I turn the enhancer off, the messages vanish, but the "freak out" of the codec is still there - so the problem seems not to be related to the overflow messages. best regards, Frank ---------- Urspr?ngliche Nachricht ---------- Von: Frank Lorenz <Frank_wtal at web.de> An:

Hi Jean-Marc, all, I didn't get any response to my issue up to now and would like to now if anyone can reproduce this behaviour and if there is some idea what happens. I am willing to fix this issue, but because I do not know the internals of speex, I need some advice on how to proceed... best regards, Frank Frank Lorenz <Frank_wtal at web.de> hat am 21. Dezember 2009 um 10:49

Hi again. I've realized exactly now that my whole system has freak date/time information on my shares: For example: 01/03/aaaa In Linux the date/times are ok, but in the Windows point of view all the files are wrong. I'm using Samba 3.0.37 with OpenLDAP as my PDC. The date/time of the server is ok, I've checked now and I've run again ntpdate. I've changed permissions and

Did not send this to speex-dev mailing list by error... -----Urspr?ngliche Nachricht----- Von: "Frank Lorenz" <Frank_wtal at web.de> Gesendet: 14.01.10 14:03:22 An: Jean-Marc Valin <jean-marc.valin at usherbrooke.ca> Betreff: Re: [Speex-dev] Fwd: Re: Fixed Point on wideband-mode: Single Frame loss on 2000 Hz sine causes "freak off" Hi Jean-Marc, The codec mostly