From 20567de7ffa941e1595ffa7603e40f457cd76fd0 Mon Sep 17 00:00:00 2001 From: Richard Basch Date: Tue, 12 Dec 1995 02:29:33 +0000 Subject: * 3-des.txt: Revised 3-DES String-To-Key algorithm to encrypt the folded result twice in the folded key. [Courtesy Uri Blumenthal] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7193 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/krb5-protocol/3-des.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'doc/krb5-protocol') diff --git a/doc/krb5-protocol/3-des.txt b/doc/krb5-protocol/3-des.txt index e2325e84fa..05dc378b56 100644 --- a/doc/krb5-protocol/3-des.txt +++ b/doc/krb5-protocol/3-des.txt @@ -23,11 +23,13 @@ password into a 3-DES key is a one-way function, evenly distributing the user's input in the resulting key. The user's input is appended with the salt information (typically the realm name), and 168-folded to produce three DES keys sans parity. The 168 bits are then expanded to -include odd parity, for use within the DES routines. The three DES keys -are then used to encrypt themselves in 3-DES CBC mode, and the result is -parity adjusted. Any weak or semi-weak DES keys are first strengthened -by eXclusive-ORing the key with the constant 0x00000000000000F0 prior to -its use. +include odd parity, for use within the DES routines. If any of the keys +are weak or semi-weak, they are strengthened by eXclusive-ORing the +questionable key with the constant 00000000000000F0. The three DES keys +are then used to encrypt themselves in 3-DES CBC mode. This result is +once again encrypted using the same keys and key schedule, and the +result is parity adjusted. If the final result yields weak or semi-weak +keys, they are also strengthened in the same manner as the input keys. The n-fold operation used by the string-to-key algorithm replicates the input bit array X until its length is the least common -- cgit
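Review bot: The added sentence "This result is once again encrypted using the same keys and key schedule" leaves the second pass underspecified. The visible text names no initialization vector for the 3-DES CBC encryption, and it does not say whether the second pass restarts chaining from that IV or continues from the last ciphertext block of the first pass. Implementations that read this differently would derive different keys from the same password and salt, so state the IV and the chaining for both passes. It would also help to say outright that "the same keys" means the parity-expanded (and, where needed, strengthened) input keys, not the output of the first pass. Separately, the constant lost its 0x prefix in this revision ("00000000000000F0"); keep the prefix or say the value is hexadecimal. Since the final weak-key fix-up now runs after the parity adjustment, it is worth a sentence that XORing with F0 flips four bits of the last byte and so preserves odd parity.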