From another board about the same article:
Well, I'm playing with X509 certs (SSL e-mail) myself and yes, they can be cracked. If you spend enough CPU time and resources.
Problem is that SSL default encryption scheme is RC2 40 bits. US gov allows this for export. The idea is that ppl from "friendly nations" can download the "strong encryption" package from M$. "enemy states" can't. The certs can also be "weak" or "strong".
If a "senders" cert "knows" that "recipient" cert supports "high encryption", the encryption scheme is "cranked up" to the highest scheme both support. Thus if "enemy user" don't have "high encryption package" and "low encryption cert" only "weak encryption" is used. And can be cracked. It will take a P4 2 Ghz about 2 years to crack one e-mail with this system, but I'm sure the NSA has better equipment.
As in many encryption systems there are many coding algorithms. Some are weaker then others. DES is weak. AES and RSA for example are strong.
It is possible to use "extra strong" encryption schemes with SSL (like AES-1024 with 3DES coded keys, MD5 hash etc) but those coding algorithms are export restricted. Everyone can download and compile them from internet if you're a bit handy. I'm fairly sure that cracking of those systems is extremely difficult. However, I "know" that the NSA monitors those "extra strong" coded e-mails, if you're using it with someone outside USA.
So yea, I'm a bit afraid to issue those certs. Suppose some terrorist uses "my certs" to plan an attack on America (or The Netherlands)? I wouldn't sleep for the rest of my life.
I also know that the NSA monitors the events in the
www.openssl.org, and many American experts are very reluctant to tell about the high encryption systems
Please Scroll Down to See Forums Below 
