[945] in Kerberos_V5_Development
3-DES string-to-key algorithm
daemon@ATHENA.MIT.EDU (Richard Basch)
Mon Nov 27 20:42:00 1995
Date: Mon, 27 Nov 1995 20:40:55 -0500
To: cvs-krb5@MIT.EDU, krbdev@MIT.EDU, tytso@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

Here is the documentation for the implementations for inclusion into RFC 1510.

n-fold
To n-fold a number X, replicate the input value to a length that is the
least common multiple of n and the length of X. Before each repetition,
the input X is rotated to the right by 13 bit positions. The successive
n-bit chunks are added together using 1's-complement addition (addition
with end-around carry) to yield an n-bit result.

Triple-DES ECB mode:
Three DES keys are used in turn to perform a DES ECB encryption of an
eight-octet data block, followed by a DES ECB decryption of the resulting
data block, followed by a DES ECB encryption of the resulting data block.

Triple-DES CBC mode:
An input data stream is padded on the right by zeroes to an eight-octet
boundary. The first eight octet block is eXclusive-ORed with an initial
vector eight-octet block. This result is triple-DES ECB encrypted with
three DES keys. Subsequent eight-octet data blocks are eXclusive-ORed
with the cipher text produced from the 3-DES ECB encryption of the previous
block and then the data block is 3-DES ECB encrypted with the same DES keys.

String to key computation:
The input string (appended with any salt data) is folded into a 24 octet
(192 bit) string. Each successive set of 8 octets is taken as a DES
key, and its parity is adjusted in the same manner as previously described.
The resulting DES keys are then used in sequence to perform a Triple-DES
CBC encryption of itself with a zero initial vector.

--
Richard Basch URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
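
The n-fold operation described in the message above, written out as an added example (not part of the original post and not MIT Kerberos code). The function names are hypothetical, and the code assumes the first copy of the input is unrotated with each later copy rotated a further 13 bits; the last helper applies the 192-bit fold that begins the string-to-key computation, and the parity and Triple-DES steps are not shown.

```python
from math import gcd


def rotate_right(value: int, bits: int, width: int) -> int:
    """Rotate a width-bit integer right by `bits` positions."""
    bits %= width
    mask = (1 << width) - 1
    return ((value >> bits) | (value << (width - bits))) & mask


def n_fold(data: bytes, n_bits: int) -> bytes:
    """n-fold `data` to n_bits bits (n_bits must be a multiple of 8)."""
    if not data or n_bits <= 0 or n_bits % 8:
        raise ValueError("need non-empty input and a positive multiple of 8 bits")
    in_bits = len(data) * 8
    lcm = n_bits * in_bits // gcd(n_bits, in_bits)
    x = int.from_bytes(data, "big")

    # Replicate X out to lcm bits. Assumed interpretation: the first copy
    # is unrotated and copy i is rotated right by 13*i bits in total.
    replicated = 0
    for i in range(lcm // in_bits):
        replicated = (replicated << in_bits) | rotate_right(x, 13 * i, in_bits)

    # Add the successive n-bit chunks, then fold every carry out of the top
    # bit back into the bottom (1's-complement, end-around carry).
    mask = (1 << n_bits) - 1
    total = 0
    for _ in range(lcm // n_bits):
        total += replicated & mask
        replicated >>= n_bits
    while total >> n_bits:
        total = (total & mask) + (total >> n_bits)
    return total.to_bytes(n_bits // 8, "big")


def fold_string_to_key_input(string: bytes, salt: bytes = b"") -> bytes:
    """First string-to-key step: fold string plus salt to 24 octets."""
    return n_fold(string + salt, 192)


if __name__ == "__main__":
    print(n_fold(b"012345", 64).hex())
    # Constructed password and salt, for illustration only.
    print(fold_string_to_key_input(b"password", b"EXAMPLE.COMuser").hex())
```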