[489] in Kerberos
cbc_encrypt
daemon@TELECOM.MIT.EDU (Ted Anderson)
Fri Sep 2 15:55:56 1988
From: Ted Anderson <ota+@ANDREW.CMU.EDU>
To: kerberos@ATHENA.MIT.EDU
Cc: Mike Kazar <kazar+@ANDREW.CMU.EDU>
I've been reading up on encryption and ran accross a detailed definition of
cipher-block-chaining in "Cryptography: A New Dimension in Computer Data
Security", by Meyer and Matyas, John Wiley publisher, 1982; around page 70.
The basic idea of cipher block chaining is to provide feedback in the
encryption process that increases the effective block size of the cipher.
There are two basic ways to do this. One is uses ciphertext feedback and the
other uses plaintext-ciphertext feedback. Both accomplish hiding of patterns
in the clear text data. But only the latter accomplishes error propagation
during decryption. Since the insuring data integrity is a crucial aspect of
using DES to encrypt Kerberos tickets it is imperitive that we incorporate
plaintext feedback in our cipher-block-chaining. The Meyer&Matyas text was not
clear about which was the NBS approved method.
I looked at the code in the krb/src/lib/des/cbc_encrypt.c and found that it is
using only ciphertext feedback. A simple test program that inverted a single
bit of the first block of ciphertext produce the expected result upon
decryption. The first block of plaintext was totally garbaged, the second
block had the corresponding bit inverted and the subsequent blocks were
unaffected. I rewrote cbc_encrypt to use plaintext-ciphertext feedback (a very
simple mod) and it managed to garble all blocks of the plaintext. Is this a
known problem or did it just slip by?
If people are interested I can send a description of the fix to cbc_encrypt.
Ted Anderson
