S/MIME algorithms

It looks like the S/MIME implementation only allows you to choose between SHA1 and weaker signing algorithms and 3DES and weaker encryption algorithms. Is there any plan to put in stronger algorithms? IE has up to SHA512 and AES256.

Hi,
sorry for the delayed reply. I will discuss this with our developers so hopefully we will implement it in one of the next updates.

Hey,

+1 to Randy.

George, what is the result of your discussion with your developers?

tipu

+1

Hi, any news on SHA512 and AES256?

Hello, AES is currently supported by the application; however, the UI is a little out of track. We’ll be working on improvements to include AES in the list of possible algorithms. However, if you add the certificate to the application with the specified algorithm (AES) to use, eM Client should be able to use the certificate and the specific method.

Are you using these encryption methods with your certificate, as this kind of security is kind of unusual? Note that 3DES encryption is considered as secure as AES; however, AES is considered to be a little bit faster.

Regards,

Hi Paul,

You’re right, 3DES and AES are both considered secure.

But if you have rules specifying a minimum of 128 bits of encryption for confidential data, then 3DES is not enough. 

AES256 is recommended here:
https://www.globalsign.com/en/resources/white-paper-smime-compatibility.pdf

SHA1, however, is deprecated and we should avoid using it:
http://csrc.nist.gov/groups/ST/hash/policy.html

SHA512 and AES256 are my recommended settings for Outlook. Of course, having 3DES and SHA1 helps with compatibility.

Sincere regards, keep up the good work,
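
The minimum-strength rule raised in the post above can be checked mechanically. The following is an added example, not part of the thread and not eM Client code: it walks a DER structure (for instance an S/MIME capabilities list or a CMS message), collects the algorithm OIDs and flags those below a policy threshold. The function names, the `KNOWN` table and the sample bytes are assumptions made for this illustration.

```python
# Added example, not from the thread. Strength bits follow NIST SP 800-57 (assumed policy basis).
KNOWN = {  # OID -> (name, security strength in bits)
    "2.16.840.1.101.3.4.1.2": ("AES-128-CBC", 128),
    "2.16.840.1.101.3.4.1.42": ("AES-256-CBC", 256),
    "1.2.840.113549.3.7": ("3DES-EDE-CBC", 112),  # 168-bit key, 112-bit strength
    "1.3.14.3.2.26": ("SHA-1", 80),               # upper bound for signatures
    "2.16.840.1.101.3.4.2.1": ("SHA-256", 128),
    "2.16.840.1.101.3.4.2.3": ("SHA-512", 256),
}
# Constructed sample: SEQUENCE of {OID} entries (AES-256, 3DES, SHA-1, SHA-512).
SAMPLE = bytes.fromhex("302f300b060960864801650304012a300a06082a864886f70d0307"
                       "300706052b0e03021a300b0609608648016503040203")

def read_tlv(buf, pos):  # -> (tag, value_start, value_end); single-byte tags only
    (tag, length), pos = buf[pos:pos + 2], pos + 2  # ValueError if header is cut short
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:  # base-128 arcs, high bit means "more bytes follow"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(buf, pos=0, end=None):
    end, oids = (len(buf) if end is None else end), []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos)
        if tag == 0x06:                      # OBJECT IDENTIFIER
            oids.append(decode_oid(buf[start:stop]))
        elif tag & 0x20:                     # constructed: recurse into children
            oids += collect_oids(buf, start, stop)
        pos = stop
    return oids

def audit(der, min_bits=128):
    """Return (name, bits, verdict) per algorithm OID found in the DER blob."""
    found = (KNOWN.get(o, (o, None)) for o in collect_oids(der))
    return [(n, b, "unknown" if b is None else "ok" if b >= min_bits else "below-policy")
            for n, b in found]
```

With a 128-bit minimum, `audit(SAMPLE)` marks the 3DES and SHA-1 entries as below policy and accepts AES-256 and SHA-512.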