Cross-platform email crypto questioned

Internet postings by a well-known expert on computer security are sparking controversy over just how reliable cross-platform encryption features are in email sent via programs such as Netscape's Communicator and Microsoft's Outlook Express.

Encryption specialist Bruce Schneier said today that he has written a program that cracks a particular encryption algorithm known as 40-bit RC2 when it runs on an encryption system called S/MIME.

Software companies have warned for years that the algorithm is vulnerable to attack, but RC2 is still necessary to send encrypted messages using products from different companies, Schneier contends. But Both Netscape and RSA Data Security, which designed S/MIME, sharply disagreed.

"If you want to be guaranteed that the recipients [using different companies' software] can read your encrypted message, you're pretty much stuck with RC2 40 bit," Schneier said. He added that his program did not demonstrate a problem with S/MIME itself but only with the way software companies have chosen to implement it.

"[Email users] need to know that it's their responsibility to make sure that their [communications] are secure," Schneier warned. "Big companies aren't necessarily looking out for their best interests."

Schneier's claims are being vehemently disputed, however. "The comment that the only way you can communicate from Netscape to some other vendor is by using 40-bit RC2 simply is not true," said Dave Andrews, senior product manager at Netscape. He said Communicator can use a much more powerful 128-bit key that works with a number of other email programs, including Baltimore Technologies' MailSecure 1.0, Entrust Technologies' Entrust, and OpenSoft's ExpressMail.

"I think Bruce has come up with something that is based on beta testing," Andrews added. "I can't come up with any reason why his statement would contradict what's been tested."

Tim Matthews, a product manager at RSA, also challenged Schneier's assertions. "We have a whole Web page dedicated to interoperability testing of S/MIME," he said.

Schneier said he is aware of RSA's interoperability tests but that he can't get different software versions to work using other keys.

Both companies concede that S/MIME's stronger features work only with domestic versions of their software. Because of federal regulations, most export versions still use the weaker 40-bit key, Matthews and Andrews said.

The two also stressed that they have suspected for years that 40-bit keys were easy to break. In fact, a student at the University of California at Berkeley cracked a 40-bit encryption key last January in a contest that RSA sponsored in order to demonstrate the key's vulnerability.

Schneier's program runs on Windows 95. It is designed to use computers when they are idle, just as screensavers kick in when a computer has been unused for a period of time. The program also runs on networks, allowing many computers to work at once on cracking the code.

Schneier said he will post a copy of the program to his Web site Monday.