Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 20:44:44 +0000
From: augustin <>
Subject: Re: attacking RC2 40-bit S/MIME encrypted emails

>> long time ago, Bruce Schneier published a tool for Windows 95 to
>> attack S/MIME encrypted emails that use RC2 for encryption with
>> 40bit long keys.
>> code:
>> I had a look at john formats but did not find anything related.
>> Does john support that type of encryption or will it be supported
>> in the future?
> It doesn't, and I doubt anyone was planning to write it. Is RC2/40
> still used at all anywhere?

'openssl smime -encrypt' uses RC2/40 by default according to documentation.

fedora 20 (openssl-1.0.1e-39)/ubuntu 14.04/rhel 6.4:
	man smime: "If not specified 40 bit RC2 is used."

so an implementation would probably still be useful these days.

The latest documentation from
mentions 3DES though:
"If not specified triple DES is used."

> Are there sample plaintexts available somewhere, to be used as test
> vectors?

Using 'openssl smime' should be fine to create test vectors?

What kind of cracking speed would you expect of an implementation using
the optimization mentioned in Bruce' documentation?

How long would it take on a modern CPU/GPU for one 40bit key approx.?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.