The most recent S/MIME RFC (5751) says (in 18.104.22.168) that sending agents should use AES-128 (or tripleDES as an alternative) when the capabilities of the receiving agent are unknown. The preceding RFC 3851 says tripleDES then RC2/40, as does RFC 2633.
Re-alpine 2.02 ignores these recommendations and uses 56 bit DES instead, presumably as an improvement on RC2/40 (though DES isn't really adequate either, these days).
It's a one-liner to bring Re-alpine in line with RFC 5751 in this respect:
--- pith/smime.c.aes128 2011-10-25 11:37:54.000000000 +0100
+++ pith/smime.c 2011-10-25 11:43:08.000000000 +0100
@@ -1330,7 +1330,9 @@
- cipher = EVP_des_cbc();
+// cipher = EVP_des_cbc();
+// AJB 20111025 - upgrade to 128 bit AES as per RFC5751
+ cipher = EVP_aes_128_cbc();
encerts = sk_X509_new_null();