From: SourceForge.net <no...@so...> - 2011-10-25 12:06:52
Bugs item #3428168, was opened at 2011-10-25 12:06
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1128048&aid=3428168&group_id=264924

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: S/MIME cipher is 56 bit DES, contrary to RFCs

Initial Comment:
The most recent S/MIME RFC (5751) says (in 2.7.1.2) that sending agents should use AES-128 (or tripleDES as an alternative) when the capabilities of the receiving agent are unknown. The preceding RFC 3851 says tripleDES then RC2/40, as does RFC 2633. Re-alpine 2.02 ignores these recommendations and uses 56 bit DES instead, presumably as an improvement on RC2/40 (though DES isn't really adequate either, these days).

It's a one-liner to bring Re-alpine in line with RFC 5751 in this respect:

--- pith/smime.c.aes128 2011-10-25 11:37:54.000000000 +0100 +++ pith/smime.c 2011-10-25 11:43:08.000000000 +0100 @@ -1330,7 +1330,9 @@ dprint((9, "encrypt_outgoing_message()")); smime_init(); - cipher = EVP_des_cbc(); +// cipher = EVP_des_cbc(); +// AJB 20111025 - upgrade to 128 bit AES as per RFC5751 + cipher = EVP_aes_128_cbc(); encerts = sk_X509_new_null();

----------------------------------------------------------------------

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1128048&aid=3428168&group_id=264924
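Review bot: In the pith/smime.c hunk at line 1330, the replaced `cipher = EVP_des_cbc();` assignment is left behind as a `//` comment next to a dated initials comment. Delete the old line outright and move the RFC 5751 reference into the change description, or keep the reference as a `/* ... */` comment, since `//` comments are rejected by strict C89 compilers. The cipher is also still hard-coded: the report notes that RFC 5751 recommends AES-128 only for the case where the receiving agent's capabilities are unknown and names tripleDES as the alternative, so it would be worth a follow-up that either makes the choice configurable or selects `EVP_des_ede3_cbc()` when AES is not available in the linked OpenSSL build.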