[930] in Kerberos_V5_Development


Another attempt at Triple-DES string-to-key

daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Oct 24 18:33:04 1995

Date: Tue, 24 Oct 1995 18:32:24 -0400
To: tytso@MIT.EDU
Cc: eichin@MIT.EDU, krbdev@MIT.EDU
Cc: carson@lehman.com
From: "Richard Basch" <basch@lehman.com>


Triple-DES string-to-key:
1. Concatenate the input string and optional salt (appended).
2. Fanfold the resulting string into 24 bytes (instead of 8)
3. Fix the key parities, and do a Triple-DES CBC encryption of the
   concatenated string (padded to a cblock, containing at least 24 bytes)
4. Retrieve the final 24 bytes of encrypted information (analogous to
   how the DES MAC is computed).

Triple-DES CBC mode:
1. Do Triple-ECB mode on each block, and chain the result into the next block.
   Only one ivec is used, as that primes the block, into which the clear text
   blocks are xor'd before the ECB encryption.  Encryption is performed
   by doing E-D-E with three separate keys.

Does this sound reasonable?

Richard Basch
Lehman Brothers, Inc.           Email: basch@lehman.com
101 Hudson Street 33rd Flr.     Fax:   +1-201-524-5828
Jersey City, NJ  07302          Voice: +1-201-524-5049
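
Added example, not part of the original message and not MIT Kerberos code: steps 1-2 and the parity fix of step 3 in Python, stopping before the Triple-DES CBC pass of steps 3-4. Assumptions: the fanfold follows the single-DES string-to-key of RFC 1510 (7 bits kept per byte, every other block bit-reversed, blocks XORed together) widened to 24 bytes, bits are taken most-significant first, and all function names are hypothetical.

```python
"""Fanfold and parity steps of a 24-byte string-to-key (added illustration)."""

KEY_BYTES = 24               # three 8-byte DES keys
KEY_BITS = 7 * KEY_BYTES     # 168 key bits; the 8th bit of each byte is parity


def fix_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity (DES rule)."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)


def fanfold(data: bytes) -> bytes:
    """Fold data of any length into 24 parity-corrected key bytes."""
    data += b"\0" * (-len(data) % KEY_BYTES)      # NUL-pad to whole blocks
    acc = 0
    for n, off in enumerate(range(0, len(data), KEY_BYTES)):
        bits = 0
        for b in data[off:off + KEY_BYTES]:
            bits = (bits << 7) | (b & 0x7F)       # keep 7 bits per input byte
        if n % 2 == 1:                            # fold back: reverse odd blocks
            bits = int(format(bits, f"0{KEY_BITS}b")[::-1], 2)
        acc ^= bits
    # Spread the 168 folded bits over 24 bytes, leaving bit 0 free for parity.
    spread = bytes(((acc >> (7 * (KEY_BYTES - 1 - j))) & 0x7F) << 1
                   for j in range(KEY_BYTES))
    return fix_parity(spread)


def seed_key(password: bytes, salt: bytes = b"") -> bytes:
    """Steps 1-2 plus the parity fix of step 3: salt is appended, then folded."""
    return fanfold(password + salt)


if __name__ == "__main__":
    k = seed_key(b"password", b"ATHENA.MIT.EDUuser")   # constructed sample input
    print(k[:8].hex(), k[8:16].hex(), k[16:].hex())    # the three DES keys
```

An empty input folds to 24 bytes of 0x01, which is a DES weak key in each of the three positions; the message does not mention a weak-key check.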

