Hi,

The man page for the smime utility documents this about the symmetric
cipher selection:

    If not specified 40 bit RC2 is used. Only used with -encrypt.

This policy is implemented at line 545 of apps/smime.c as of openssl-1.0.1g.

This algorithmic default is unreasonable today. There must be scripts
and mailer integrations that do not specify a ciphersuite because
their developers believed that the defaults for smime -encrypt would
be reasonable for sending S/MIME messages, which is a main purpose of
this utility. As a result, I expect that S/MIME messages are getting
sent over the Internet somewhere encrypted only with RC2-40, which my
desktop PC can break by brute force in a couple of days.

I would suggest changing the default to aes-256-cbc (to minimize
compatibility problems) and asking somebody knowledgeable to look
at what smime is doing with IVs and MACs to ensure that it's sane.
(I'm sure there are safer block cipher modes than CBC; they just might
be more controversial as defaults for backwards compatibility with
older OpenSSLs.)

If the developers feel that a new default would somehow still create
compatibility problems, I suggest the alternative of removing the default
entirely and forcing the user to choose a ciphersuite. That policy is
probably as simple to adopt as changing line 544 to "#if 0" and updating
the documentation about the default elsewhere. This change would at
least guarantee that people using smime in scripts and as a callout from
MUAs have spent a moment thinking about what a sane and reasonable choice
of block cipher would be.

--
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
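
An added example, not part of the original message or of OpenSSL: a Python audit that scans shell script text for `openssl smime -encrypt` invocations that pass no cipher option and therefore rely on the documented RC2-40 default. The cipher-option prefixes, the finding labels and the sample script are assumptions constructed for illustration.

```python
import re
import shlex
from itertools import takewhile

# Assumption: these prefixes cover the cipher options your openssl build
# accepts for `smime` (e.g. -aes256, -des3, -rc2-40); extend as needed.
CIPHER_OPT = re.compile(r"^-(aes|des|rc2|camellia|seed)", re.I)
SHELL_OPS = set("();<>|&")  # tokens made only of these end the command

# Constructed sample input, not taken from any real script.
SAMPLE = r"""#!/bin/sh
openssl smime -encrypt -in msg.txt -out msg.p7m recipient.pem
openssl smime -encrypt -aes256 -in msg.txt \
    -out msg.p7m recipient.pem
/usr/bin/openssl smime -encrypt -rc2-40 -in msg.txt recipient.pem | sendmail -t
openssl smime -sign -in msg.txt -signer me.pem
openssl smime -encrypt \
    -in msg.txt recipient.pem
"""


def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, text)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None


def audit(text):
    """Return (line, finding) for smime -encrypt calls that end up on RC2-40."""
    findings = []
    for no, line in logical_lines(text):
        try:
            words = list(shlex.shlex(line, posix=True, punctuation_chars=True))
        except ValueError:  # unbalanced quote: not parseable as one command
            continue
        for i, w in enumerate(words):
            if w.rsplit("/", 1)[-1] != "openssl" or words[i + 1:i + 2] != ["smime"]:
                continue
            # Arguments of this command stop at the next shell operator.
            args = list(takewhile(lambda a: not set(a) <= SHELL_OPS, words[i + 2:]))
            ciphers = [a.lower() for a in args if CIPHER_OPT.match(a)]
            if "-encrypt" in args and not ciphers:
                findings.append((no, "default-cipher"))
            elif "-encrypt" in args and "-rc2-40" in ciphers:
                findings.append((no, "explicit-rc2-40"))
    return findings
```

Calling `audit(SAMPLE)` reports the first line number of each flagged invocation, including ones split across backslash continuations.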