Page 155 - StudyBook.pdf
P. 155
Communication Security: Remote Access and Messaging • Chapter 3 139
Transfer Protocol (SMTP) that provides the ability to pass different kinds of data
files on the Internet, including audio, video, images, and other files as attachments.
The MIME header is inserted at the beginning of the e-mail, and then the e-mail
client (such as Microsoft Outlook) uses the header to determine which program
will be used on the attached data. For example, if an audio file is attached to an e-
mail, Outlook will look at the file associations for audio files and use an audio
player, such as MediaPlayer, to open the file.
NOTE
RFC 1847 and RFC 2634 offer additional information about multi-
part/signed MIME and the specifications for S/MIME.
S/MIME
Since MIME does not offer any security features, developers at RSA Security cre-
ated S/MIME. S/MIME, like MIME, is concerned with the headers inserted at the
beginning of an e-mail. However, instead of determining the type of program to
use on a data file, S/MIME looks to the headers to determine how data encryption
and digital certificates must be handled. Messages are encrypted using a symmetric
cipher (method of encrypting text), and a public-key algorithm is used for key
exchange and digital signatures. S/MIME can be used with three different sym-
metric encryption algorithms: DES, 3DES, and Ron’s Code 2 (RC2).Windows
Mail (Vista), Outlook Express, and the new version of Thunderbird from Mozilla
all come with S/MIME installed.
Screensaver versus S/MIME
Head of the Class… tion S/MIME keys (encryption “strength” is based on the number of bits
Hacking tools come in all shapes and sizes, but this has to be one of the
strangest. A screensaver was developed that could crack 40-bit encryp-
in the key) in less than one hour. This has since been repaired in newer
versions, but it shows the level of creativity that hackers possess. To learn
more about this vulnerability, see www.wired.com/news/technology/
0,1282,7220,00.html.
www.syngress.com
