Cross-platform email crypto questioned
Postings by a well-known crypto expert are sparking controversy over just how reliable cross-platform encryption is using different vendors' email programs.
Encryption specialist Bruce Schneier said today that he has written a program that cracks a particular encryption algorithm known as 40-bit RC2 when it runs on an encryption system called S/MIME.
Software companies have warned for years that the algorithm is vulnerable to attack, but RC2 is still necessary to send encrypted messages between products from different companies, Schneier contends. Both Netscape and RSA Data Security, which designed S/MIME, sharply disagreed.
"If you want to be guaranteed that the recipients [using different companies' software] can read your encrypted message, you're pretty much stuck with RC2 40 bit," Schneier said. He added that his program did not demonstrate a problem with S/MIME itself but only with the way software companies have chosen to implement it.
"[Email users] need to know that it's their responsibility to make sure that their [communications] are secure," Schneier warned. "Big companies aren't necessarily looking out for their best interests."
Schneier's claims are being vehemently disputed, however. "The comment that the only way you can communicate from Netscape to some other vendor is by using 40-bit RC2 simply is not true," said Dave Andrews, senior product manager at Netscape. He said Communicator can use a much more powerful 128-bit key that works with a number of other email programs, including Baltimore Technologies' MailSecure 1.0, Entrust Technologies' Entrust, and OpenSoft's ExpressMail.
Tim Matthews, a product manager at RSA, also challenged Schneier's assertions. "We have a whole Web page dedicated to interoperability testing of S/MIME," he said.
The two also stressed that they have suspected for years that 40-bit keys were easy to break. In fact, a student at the University of California at Berkeley cracked a 40-bit encryption key last January in a contest that RSA sponsored in order to demonstrate the key's vulnerability.
Schneier said he will post a copy of the program to his Web site Monday.