[1019] in linux-security and linux-alert archive
[linux-security] des_setparity security problem
daemon@ATHENA.MIT.EDU (Pete Chown)
Mon Aug 19 19:29:18 1996
Date: Sat, 17 Aug 1996 11:37:49 +0100
From: Pete Chown <pc@dale.dircon.co.uk>
To: linux-security@tarsier.cv.nrao.edu
Am I wrong or is there a big weakness in the Linux implementation of
des_setparity? DES is supposed to start with a 64 bit key which then
has a parity added, giving an effective key length of 56 bits.
The Linux implementation, however, manages to lose 16 bits, not 8. The
bottom bit of each byte is converted to a parity, which is correct.
However, the top bit is masked off at the same time. This gives an
effective key length of only 48 bits, which is effectively useless.
---------------------------------------------------------------------
Pete.Chown@dale.dircon.co.uk "The Pen is mightier than the Quill."
"Where do you want to crash today?" (tm)