I'm sorry, but I have to disagree on that one. S/MIME DOES use 40 bit RC2, by the standard, but the standard specifically states the weakness of those keys, and recommends using another implementation. The standard strongly recommends the use of triple-DES, and apparently the Communicator and Outlook S/MIME triple-DES now interoperates properly. Deming has also had a plugin which does triple-DES for quite a while. In addition, individual vendors are allowed to put in any other algorithms into an S/MIME implementation that they desire - for example, the default algorithm in Entrust's S/MIME implementation is CAST-128. The point that I'm trying to make here is that while PGP defines both algorithm and protocol, S/MIME just defines protocol. As long as you have two clients which share common algorithms, then you can use any algorithms that you like with S/MIME. ian ---------- From: Jonathan Wienke [SMTP:JonWienk@ix.netcom.com] Sent: Monday, November 03, 1997 9:34 PM To: Nobuki Nakatuji; cypherpunks@toad.com Subject: Re: S/MIME At 08:49 PM 11/2/97 PST, Nobuki Nakatuji wrote:
Is S/MIME secure than PGP ?
No. S/MIME uses 40 bit keys, which are trivially breakable by paralell brute-force key search attacks. Jonathan Wienke