[952] in Kerberos_V5_Development
Re: 3-DES string-to-key algorithm
daemon@ATHENA.MIT.EDU (Richard Basch)
Wed Nov 29 23:03:18 1995
Date: Wed, 29 Nov 1995 23:01:23 -0500
To: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
Cc: Mark Eichin <eichin@cygnus.com>, cvs-krb5@MIT.EDU, krbdev@MIT.EDU,
tytso@MIT.EDU
In-Reply-To: <199511291224.MAA02151@orchard.medford.ma.us>
From: "Richard Basch" <basch@lehman.com>

Since I was avoiding the actual computation of the LCM and only using a
second buffer equivalent in length to the input buffer to contain the
rotated input, I needed to rotate around the output buffer when applying
the carry. Somehow, when I implemented it, after I processed all of the
input that I could, I decided that the remaining carry should be applied
to the lowest bits of the output buffer, rather than the next bit
position (yes, it was stupid).

Anyway, when I revisited it, I realized I could simplify some of the
computations, and I fixed that problem, and the results agreed.
---
Here is an interesting one... the specification for regular DES
string-to-key calls for checking the key to see if it is a (semi)weak
key, and XORing the key with 0xF0 if it is. The implementation does not
do this. I fixed the 3-DES case.

Ted, I wanted you to decide whether we fix the 1-DES case. Since it is
statistically improbable that this is being hit, it is probably better
to fix it. Not fixing it will allow the potential compromise of the key
and the data the key is trying to protect.
--
Richard Basch URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
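
The weak-key check discussed in the message above, as an added example (not code from the message or from the Kerberos source tree): it fixes parity, compares the key against the standard list of weak and semi-weak DES keys, and applies the 0xF0 correction. The function names are hypothetical, the sample key is constructed, and applying 0xF0 to the last octet of the key is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* The 4 weak and 12 semi-weak single-DES keys, odd parity (standard list). */
static const unsigned char weak_keys[16][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe},
    {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
    {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01},
    {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e},
    {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01},
    {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e},
    {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01},
    {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1}
};

/* Force odd parity: the low bit of each octet is the parity bit. */
void des_fix_parity(unsigned char key[8])
{
    for (int i = 0; i < 8; i++) {
        int ones = 0;
        for (int t = key[i] >> 1; t; t >>= 1)   /* count the 7 key bits */
            ones += t & 1;
        key[i] = (unsigned char)((key[i] & 0xfe) | !(ones & 1));
    }
}

/* The table is in odd-parity form, so call des_fix_parity() first. */
int des_is_weak_key(const unsigned char key[8])
{
    for (int i = 0; i < 16; i++)
        if (memcmp(key, weak_keys[i], 8) == 0)
            return 1;
    return 0;
}

/* Last step of string-to-key; returns 1 if the correction was applied. */
int des_correct_key(unsigned char key[8])
{
    des_fix_parity(key);
    if (!des_is_weak_key(key))
        return 0;
    key[7] ^= 0xf0; /* assumption: 0xF0 applies to the last octet */
    return 1;
}

int main(void)
{
    unsigned char k[8] = {0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff}; /* constructed */
    int fixed = des_correct_key(k);
    printf("corrected=%d last octet=%02x\n", fixed, k[7]);
    return 0;
}
```

Because 0xF0 flips four bits of one octet, the corrected key keeps odd parity and no longer matches any table entry.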