* 3-des.txt: Updated to include some of the randomness throughout

		the entire key.  The second 3-DES CBC encryption of the block
		should use an ivec of the last cipher block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7206 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 6 insertions, 4 deletions

diff --git a/doc/krb5-protocol/3-des.txt b/doc/krb5-protocol/3-des.txt
index 05dc378b56..ce64845470 100644
--- a/doc/krb5-protocol/3-des.txt
+++ b/doc/krb5-protocol/3-des.txt
@@ -26,10 +26,12 @@ produce three DES keys sans parity.  The 168 bits are then expanded to
 include odd parity, for use within the DES routines.  If any of the keys
 are weak or semi-weak, they are strengthened by eXclusive-ORing the
 questionable key with the constant 00000000000000F0.  The three DES keys
-are then used to encrypt themselves in 3-DES CBC mode.  This result is
-once again encrypted using the same keys and key schedule, and the
-result is parity adjusted.  If the final result yields weak or semi-weak
-keys, they are also strengthened in the same manner as the input keys.
+are then used to encrypt themselves in 3-DES CBC mode with a zero
+initial vector.  This result is once again encrypted using the same keys
+and key schedule and an initial vector of the last eight octets.  The
+result is then parity adjusted.  If the final result yields weak or
+semi-weak keys, they are also strengthened in the same manner as the
+input keys.
 
 The n-fold operation used by the string-to-key algorithm 
 replicates the input bit array X until its length is the least common