Both Encryption Management Server and Encryption Desktop add the following warnings to certain decrypted S/MIME email messages:
* PGP Warning: The sender encrypted this message using weak S/MIME encryption
* PGP Warning: The sender signed this message using the weak MD5 algorithm
Encryption Management Server 3.3 and above.
Encryption Desktop 10.3 and above.
If an S/MIME message is encrypted with the RC2 cipher using a 40-bit or 128-bit key, Encryption Management Server and Encryption Desktop consider the encryption weak and add the following warning to the decrypted message:
* PGP Warning: The sender encrypted this message using weak S/MIME encryption
MD5 is cryptographically broken (practical collision attacks have been public since 2004), so if it is used as the digest algorithm for the signature, the following warning is added to the decrypted message:
* PGP Warning: The sender signed this message using the weak MD5 algorithm
These warnings are generated only when the sender uses MD5 and/or 40-bit or 128-bit RC2.
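The check described above, as an added example that is not Symantec/Broadcom product code: it walks the DER of a CMS body (the base64-decoded application/pkcs7-mime part) and flags RC2-CBC content encryption, reporting the effective key size decoded from the RC2CBCParameter as specified in RFC 3370, and any MD5 digest algorithm. It goes slightly beyond the product, which names only 40-bit and 128-bit RC2, by reporting RC2 at every key size, since RC2 is obsolete regardless of key length. The OIDs are the standard ones; the sample EnvelopedData and SignedData structures are constructed placeholders (dummy keys, IVs and signatures) built with the small DER encoder at the bottom of the block.

```python
"""Flag the two weak-algorithm conditions above by walking the DER of a CMS (S/MIME) body.
Added example, not product code; the sample messages below are constructed placeholders."""

OID_RC2_CBC, OID_MD5 = "1.2.840.113549.3.2", "1.2.840.113549.2.5"
OID_SHA256, OID_AES256_CBC = "2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.1.42"
OID_DATA, OID_SIGNED_DATA = "1.2.840.113549.1.7.1", "1.2.840.113549.1.7.2"
OID_ENVELOPED_DATA, OID_RSA = "1.2.840.113549.1.7.3", "1.2.840.113549.1.1.1"

def _read_tlv(buf, pos):                  # minimal DER reader; CMS uses single-byte tags only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def iter_algorithm_identifiers(der):
    """Yield (oid, params) for every SEQUENCE whose first element is an OID.
    ContentInfo and EncryptedContentInfo match too; their OIDs are simply not weak algorithms."""
    stack = [der]
    while stack:
        buf, pos = stack.pop(), 0
        while pos < len(buf):
            tag, body, pos = _read_tlv(buf, pos)
            if tag & 0x20:                # constructed: inspect, then descend
                if tag == 0x30 and body[:1] == b"\x06":
                    _, oid_body, after = _read_tlv(body, 0)
                    yield decode_oid(oid_body), body[after:]
                stack.append(body)

def rc2_effective_bits(params):
    """RC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER OPTIONAL, iv OCTET STRING }."""
    _, seq, _ = _read_tlv(params, 0)
    tag, first, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        return 32                         # version absent: 32-bit effective key (RFC 3370)
    version = int.from_bytes(first, "big")
    return {160: 40, 120: 64, 58: 128}.get(version, version)   # RFC 3370 encoding of the key size

def classify_cms(der):
    """Warnings a gateway would attach for this CMS blob; an empty list means nothing weak."""
    warnings = []
    for oid, params in iter_algorithm_identifiers(der):
        if oid == OID_RC2_CBC:
            w = f"weak S/MIME encryption: RC2-CBC, {rc2_effective_bits(params)}-bit effective key"
        elif oid == OID_MD5:
            w = "signed using the weak MD5 algorithm"
        else:
            continue
        if w not in warnings:             # MD5 appears in digestAlgorithms and again in each SignerInfo
            warnings.append(w)
    return warnings

def _tlv(tag, body):                      # DER encoding, used only to build the sample messages
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def encode_integer(n):
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def rc2_alg(effective_bits):              # AlgorithmIdentifier for RC2-CBC with a dummy IV
    version = {40: 160, 64: 120, 128: 58}[effective_bits]
    return _tlv(0x30, encode_oid(OID_RC2_CBC) + _tlv(0x30, encode_integer(version) + _tlv(0x04, b"\x01" * 8)))

AES256_ALG = _tlv(0x30, encode_oid(OID_AES256_CBC) + _tlv(0x04, b"\x02" * 16))   # params = dummy IV
RSA_ALG = _tlv(0x30, encode_oid(OID_RSA) + b"\x05\x00")
ISSUER_AND_SERIAL = _tlv(0x30, _tlv(0x30, b"") + encode_integer(1))              # empty Name, serial 1

def sample_enveloped(content_enc_alg):    # EnvelopedData; key-transport blob and ciphertext are dummies
    rcpt = _tlv(0x30, encode_integer(0) + ISSUER_AND_SERIAL + RSA_ALG + _tlv(0x04, b"\x00" * 16))
    eci = _tlv(0x30, encode_oid(OID_DATA) + content_enc_alg + _tlv(0x80, b"\xAA" * 8))
    enveloped = _tlv(0x30, encode_integer(0) + _tlv(0x31, rcpt) + eci)
    return _tlv(0x30, encode_oid(OID_ENVELOPED_DATA) + _tlv(0xA0, enveloped))

def sample_signed(digest_oid):            # SignedData with one signer; signature bytes are dummies
    digest_alg = _tlv(0x30, encode_oid(digest_oid) + b"\x05\x00")
    encap = _tlv(0x30, encode_oid(OID_DATA) + _tlv(0xA0, _tlv(0x04, b"hello")))
    si = _tlv(0x30, encode_integer(1) + ISSUER_AND_SERIAL + digest_alg + RSA_ALG + _tlv(0x04, b"\x00" * 16))
    signed = _tlv(0x30, encode_integer(1) + _tlv(0x31, digest_alg) + encap + _tlv(0x31, si))
    return _tlv(0x30, encode_oid(OID_SIGNED_DATA) + _tlv(0xA0, signed))
```

To run it on a real message, base64-decode the application/pkcs7-mime part (or read a .p7m file) and pass the bytes to classify_cms; for example classify_cms(sample_enveloped(rc2_alg(40))) returns the RC2 warning with "40-bit effective key", while sample_enveloped(AES256_ALG) and sample_signed(OID_SHA256) return an empty list. The scanner deliberately does not validate the CMS structure beyond DER well-formedness, so it works equally on signed-and-enveloped messages where the SignedData is nested inside the EnvelopedData.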
Note that these warnings were added to the product prior to 2010.
Notify the sender that they should use a stronger cipher for encryption and stop using MD5 for signing. The email application that the sender uses will determine whether they are able to do this.
For example, Microsoft Outlook 2013 supports the following settings by default. Note that neither MD5 nor RC2 (40-bit) is supported, but RC2 (128-bit) and RC2 (64-bit) still are:
Hash algorithm: SHA1 (default). Also supported: SHA256, SHA384, SHA512.
Encryption algorithm: AES (256-bit) (default). Also supported: AES (192-bit), 3DES, AES (128-bit), RC2 (128-bit), RC2 (64-bit).
Note that by default, for outbound S/MIME messages, Encryption Management Server uses SHA1 and 3DES (168-bit). Neither triggers these warnings, although SHA1 is itself deprecated for signatures, so prefer SHA256 where recipients support it.