Credit:
Counterpane's 40 bit RC2 brute force cracking application: http://www.counterpane.com/smime.html
This package is for Windows 95/NT, but Counterpane plans to port it to other platforms as well.

To show how insecure 40-bit S/MIME encryption is, Counterpane Systems has released a tool that brute-forces an S/MIME encrypted e-mail message by translating the message to RC2 format and then trying all possible keys to decrypt it.
This 40-bit search is feasible on today's strong computers, and Counterpane Systems found a way to do it even faster: a weakness in the RC2 encryption algorithm speeds up the search considerably.
The nicest thing about this tool is that it was designed to operate using idle machine time.
This brute-force utility comes in two forms:
- Command line: runs from the command line at low priority (under Windows NT), which means it doesn't interfere with normal work but takes advantage of 'wasted' idle CPU time.
- Screen Saver: displays a nice screen saver while continuing to break the cipher.

The utility is also designed for distributed computing: the search space can be divided between many machines. Just think about replacing the screen savers in your office with this one: with just a dozen Pentium computers it's possible to reach hundreds of CPU hours every day, all working on decoding the e-mail.
Both programs save state automatically, so they can be interrupted and then continued.
The source code is available for this package. It can be adapted to other algorithms: simply replace the decryption code with your own.
The release of these utilities should serve as a warning to people who use export-level encryption (which is 40-bit encryption). Breaking such encryption is very feasible using today's computing power.
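For anyone checking whether stored S/MIME mail is affected, the following added example (not part of the Counterpane package or the original page) walks a DER-encoded CMS structure and reports the effective key size of every RC2-CBC algorithm identifier it finds. It assumes definite-length DER input (the base64-decoded message body); the sample structure, dummy IV and ciphertext, and all function names are constructed for illustration.

```python
RC2_CBC_OID = bytes.fromhex("06082a864886f70d0302")       # DER OID 1.2.840.113549.3.2
PKCS7_DATA_OID = bytes.fromhex("06092a864886f70d010701")  # DER OID 1.2.840.113549.1.7.1
# rc2ParameterVersion -> effective key bits, as defined in RFC 2268
RC2_VERSION_BITS = {160: 40, 120: 64, 58: 128}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the definite-length element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length (BER) is not handled here")
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, pos, pos + length

def rc2_key_bits(der):
    """Effective key bits of each RC2-CBC AlgorithmIdentifier (None if unmapped)."""
    found = []
    def walk(pos, end):
        while pos < end:
            tag, start, stop = read_tlv(der, pos)
            if tag == 0x30 and start + 10 < stop and der[start:start + 10] == RC2_CBC_OID:
                ptag, pstart, _ = read_tlv(der, start + 10)   # RC2CBCParameter
                if ptag == 0x30:
                    itag, istart, istop = read_tlv(der, pstart)
                    if itag == 0x02:                          # rc2ParameterVersion
                        version = int.from_bytes(der[istart:istop], "big")
                        found.append(RC2_VERSION_BITS.get(version))
            elif tag & 0x20:                                  # constructed: descend
                walk(start, stop)
            pos = stop
    walk(0, len(der))
    return found

def tlv(tag, value):
    """Encode one element; short-form length only, enough for the sample."""
    return bytes([tag, len(value)]) + value

def sample_encrypted_content_info(version):
    """Constructed sample: EncryptedContentInfo using RC2-CBC, zero IV and ciphertext."""
    version_der = version.to_bytes(version.bit_length() // 8 + 1, "big")
    params = tlv(0x30, tlv(0x02, version_der) + tlv(0x04, bytes(8)))
    alg = tlv(0x30, RC2_CBC_OID + params)
    return tlv(0x30, PKCS7_DATA_OID + alg + tlv(0x80, bytes(16)))
```

A result containing 40 means the message body is protected only by the export-level key size discussed above and should be treated as readable by anyone who obtains the ciphertext.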