[Operators] Please enable Forward Secrecy for your servers!

Mathias Ertl mati at fsinf.at
Mon Jul 27 18:09:33 UTC 2015

On 2015-07-21 00:19, Jonathan Schleifer wrote:
> So, 4096 bit RSA just gives you an additional 16 bits for your AES,
> while doubling the number of RSA bits more than doubles the
> computational overhead…

I consider this argument invalid. It's not because "just additional 16
bits" is wrong. Its because the "double the overhead" is completely
irrelevant. Even we have only two CPUs and still very little CPU usage.
So sure it's double. But double of next to nothing is still nothing.

greetings, Mati

twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
I only read plain-text mail!  I prefer signed/encrypted mail!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6044 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150727/385628b6/attachment-0001.bin>

More information about the Operators mailing list