Counterpane Labs Releases Windows 95-compatible S/MIME 40-bit RC2 Cracking ScreenSaver
What I did: write a Windows 95 screen saver that automatically brute forces 40-bit RC2 keys. The screen saver has an easy interface, and parallelizes nicely.
Why I did it: to
What I didn't do: break S/MIME. I did not find any flaw in the S/MIME security specification. I did not find any flaw in any of the cryptographic algorithms used. I did not find any flaw in any software implementation of S/MIME. There is nothing wrong with the S/MIME standard.
What I found, though, is that some S/MIME implementations didn't interoperate at anything stronger than 40-bit RC2. (I did this research in May 1997; things may have changed since then.) I also found that the default encryption was 40-bit RC2, and that the user wasn't given any indication that the encryption level should be changed. And, of course, 40-bit RC2 is all foreign users ever get.
40-bit RC2 is weak. This is nothing new to anyone who reads the S/MIME specifications. In fact, the S/MIME specification is very forthcoming in discussing the security of 40-bit RC2.
Later in the spec, the following appears:
Before sending a message, the sending agent MUST decide whether it is willing to use weak encryption for the particular data in the message. If the sending agent decides that weak encryption is unacceptable for this data, then the sending agent MUST NOT use a weak algorithm such as RC2/40. The decision to use or not use weak encryption overrides any other decision in this section about which encryption algorithm to use.
And even later:
184.108.40.206 Rule 3: Unknown Capabilities, Risk of Failed Decryption
2.6.3 Choosing Weak Encryption
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.