Re: OT: Microsoft does it again?!

John E. Hadstate wrote:
I sent an encrypted e-mail to myself (at a different e-mail address) using Outlook 2000 at work the other day. Upon checking the received message, I noticed that Outlook was no longer using 3DES for encryption, in spite of the fact that I specified that in my security settings. Today I repeated the experiment at home with Outlook Express and found the same thing. Both clients are using 40-bit RC2 for encryption, even though everything indicates that 3DES should be used. Worse, with Outlook 2000, the only way you can find this out is to explicitly check the blue padlock icon on the received message; it does not tell you this when you encrypt the message. Outlook Express has settings that allow you to get a warning if the encryption key is shorter than it should be.

This has not been the case until very recently. Does anyone have any clues about what's going on here?

Has that particular copy of Outlook 2000 ever used 3DES? When I used it, Outlook 2000 as shipped would only use exportable ciphers. There was some kind of upgrade that you had to find, download, and install to get it to use 3DES. They don't make it easy.

--Mike Amling
.