| < draft-hoffman-des40-00.txt | draft-hoffman-des40-01.txt > | |||
|---|---|---|---|---|
| Internet Draft Paul Hoffman | Internet Draft Paul Hoffman | |||
| draft-hoffman-des40-00.txt Internet Mail Consortium | draft-hoffman-des40-01.txt Internet Mail Consortium | |||
| Russ Housley | Russ Housley | |||
| SPYRUS | SPYRUS | |||
| May 14, 1996 Expires six months later | April 20, 1998 Expires six months later | |||
| Creating 40-Bit Keys for DES | Creating 40-Bit Keys for DES | |||
| Status of this memo | Status of this memo | |||
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft. Internet-Drafts are working | |||
| documents of the Internet Engineering Task Force (IETF), its areas, | documents of the Internet Engineering Task Force (IETF), its areas, | |||
| and its working groups. Note that other groups may also distribute | and its working groups. Note that other groups may also distribute | |||
| working documents as Internet-Drafts. | working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference material | time. It is inappropriate to use Internet-Drafts as reference material | |||
| or to cite them other than as "work in progress." | or to cite them other than as "work in progress." | |||
| To learn the current status of any Internet-Draft, please check the | To view the entire list of current Internet-Drafts, please check | |||
| "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow | the "1id-abstracts.txt" listing contained in the Internet-Drafts | |||
| Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), | Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net | |||
| munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or | (Northern Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au | |||
| ftp.isi.edu (US West Coast). | (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu | |||
| (US West Coast). | ||||
| 1. Introduction | 1. Introduction | |||
| This document describes an method for shortening DES keys from 56 bits | This document describes an method for shortening DES keys from 56 bits | |||
| to 40 bits. The shortened keys are generally known as "DES-40". The | to 40 bits. The shortened keys are generally known as "DES-40". The | |||
| motivation for this weakening is that some localities (such as the | motivation for this weakening is that some localities (such as the | |||
| United States) give special preference to applications that use 40-bit | United States) give special preference to applications that use 40-bit | |||
| keys. The weakened keys are then used with the DES encryption | keys. The weakened keys are then used with the DES encryption | |||
| algorithm in the same manner as full-strength keys. | algorithm in the same manner as full-strength keys. | |||
| There are many possible methods for reducing a 56-bit key to a 40-bit | There are many possible methods for reducing a 56-bit key to a 40-bit | |||
| key. The method in this draft was chosen because one method is needed | key. The method in this draft was chosen because one method is needed | |||
| for interoperability. Further, this method has been known to | for interoperability. Further, this method has been known to | |||
| occaisionally have been approved for export from the United States. | occasionally have been approved for export from the United States. | |||
| 1.1 Discussion of this Draft | ||||
| This draft is being discussed on the "ietf-smime" mailing list. To | ||||
| subscribe, send a message to: | ||||
| ietf-smime-request@imc.org | ||||
| witht the single word | ||||
| subscribe | ||||
| in the body of the message. There is a Web site for the mailing list | ||||
| at <http://www.imc.org/ietf-smime/>. | ||||
| 2. Creating 40-Bit Keys for DES | 2. Creating 40-Bit Keys for DES | |||
| DES [DES] uses a 56-bit key. The key consists of eight 8-bit bytes; | DES [DES] uses a 56-bit key. The key consists of eight 8-bit bytes; | |||
| however the last (eighth) bit of each byte is used for parity, leaving | however the last (eighth) bit of each byte is used for parity, leaving | |||
| 56 bits of key. | 56 bits of key. | |||
| To weaken the 8-byte, 56-bit key into a 40-bit key, you set to zero | To weaken the 8-byte, 56-bit key into a 40-bit key, you set to zero | |||
| the first four bits of every other byte in the key, starting with the | the first four bits of every other byte in the key, starting with the | |||
| first byte. Stated a different way, you take the bitwise logical AND | first byte. Stated a different way, you take the bitwise logical AND | |||
| skipping to change at line 114 ¶ | skipping to change at line 105 ¶ | |||
| due to the short key length. | due to the short key length. | |||
| There are other methods for converting longer keys to shorter ones. | There are other methods for converting longer keys to shorter ones. | |||
| For example, IBM has created a patented (and significantly more | For example, IBM has created a patented (and significantly more | |||
| complex) method called "Commercial Data Masking Facility", or CDMF | complex) method called "Commercial Data Masking Facility", or CDMF | |||
| [CDMF]; other methods probably exist. These methods might result in | [CDMF]; other methods probably exist. These methods might result in | |||
| keys that produce cyphertext that is harder (or easier) to determine | keys that produce cyphertext that is harder (or easier) to determine | |||
| through brute-force. A quick comparison of CDMF and DES-40 shows that | through brute-force. A quick comparison of CDMF and DES-40 shows that | |||
| the brute-force attack against CDMF require one additional DES | the brute-force attack against CDMF require one additional DES | |||
| operation. Saving one DES operation does not seem to warrant the | operation. Saving one DES operation does not seem to warrant the | |||
| additonal complexity. | additional complexity. | |||
| A. References | A. References | |||
| [CDMF] "Design of the Commercial Data Masking Facility Data Privacy | [CDMF] "Design of the Commercial Data Masking Facility Data Privacy | |||
| Algorithm", 1st ACM Conference on Computer and Communications | Algorithm", 1st ACM Conference on Computer and Communications | |||
| Security, ACM Press, 1993. | Security, ACM Press, 1993. | |||
| [DES] ANSI X3.106, "American National Standard for Information | [DES] ANSI X3.106, "American National Standard for Information | |||
| Systems-Data Link Encryption," American National Standards | Systems-Data Link Encryption," American National Standards | |||
| Institute, 1983. | Institute, 1983. | |||
| skipping to change at line 137 ¶ | skipping to change at line 128 ¶ | |||
| Paul Hoffman | Paul Hoffman | |||
| Internet Mail Consortium | Internet Mail Consortium | |||
| 127 Segre Place | 127 Segre Place | |||
| Santa Cruz, CA 95060 | Santa Cruz, CA 95060 | |||
| (408) 426-9827 | (408) 426-9827 | |||
| phoffman@imc.org | phoffman@imc.org | |||
| Russ Housley | Russ Housley | |||
| SPYRUS | SPYRUS | |||
| PO Box 1198 | 381 Elden Street, Suite 1120 | |||
| Herndon, VA 20172 | Herndon, VA 20170 | |||
| (703) 435-7344 | ||||
| housley@spyrus.com | housley@spyrus.com | |||
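Review bot: the first sentence of section 1 reads "describes an method" in both the -00 and -01 columns; this revision corrects "occaisionally" in the same section but leaves that one, and it should read "describes a method".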
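Review bot: in the CDMF comparison paragraph of section 3, "the brute-force attack against CDMF require one additional DES operation" needs "requires", and "cyphertext" is the nonstandard spelling of "ciphertext"; both survive unchanged into -01 while "additonal" in the same paragraph is fixed.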
| End of changes. 6 change blocks. | ||||
| 22 lines changed or deleted | 12 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
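The weakening rule in section 2 (zero the first four bits of every other key byte, starting with the first byte, while the eighth bit of each byte stays the parity bit) carried through in code, as an added example that is not part of either draft. It reads "first four bits" as the high nibble, following the DES convention that bit 1 of a byte is its most significant bit and bit 8 (the least significant) is parity; the mask value, the parity-repair helper and the sample key are my own constructions, not text from the draft, and the parity repair is an assumption about what a caller would want, since masking leaves the old parity bit in place but can make it wrong for the new byte value.

```python
"""DES-40 key weakening (section 2 of draft-hoffman-des40).

Added example, not code from the draft. Bit numbering follows DES:
bit 1 of each byte is the most significant bit, bit 8 (the least
significant) is the parity bit and carries no key material.
"""

# "Set to zero the first four bits of every other byte, starting with the
# first byte" is the same as AND-ing the key with this mask (my reading of
# the rule; the draft's own mask value is not visible on this page).
DES40_MASK = bytes([0x0F, 0xFF, 0x0F, 0xFF, 0x0F, 0xFF, 0x0F, 0xFF])


def weaken_to_des40(key: bytes) -> bytes:
    """Return the DES-40 form of an 8-byte DES key."""
    if len(key) != 8:
        raise ValueError("DES keys are exactly 8 bytes")
    return bytes(k & m for k, m in zip(key, DES40_MASK))


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite bit 8 of every byte so that each byte has odd parity.

    Assumption, not stated in the visible draft text: masking keeps the
    original parity bit, which may no longer match the remaining seven
    bits, and some DES implementations reject keys with bad parity.
    """
    fixed = bytearray()
    for b in key:
        top7 = b & 0xFE                     # the seven key bits
        ones = bin(top7).count("1")
        fixed.append(top7 | (0 if ones % 2 else 1))
    return bytes(fixed)


def effective_key_bits(mask: bytes = DES40_MASK) -> int:
    """Count key bits (parity bit excluded) that survive the mask.

    Four bytes keep 7 bits and four bytes keep 3 bits: 28 + 12 = 40.
    """
    return sum(bin(m & 0xFE).count("1") for m in mask)


def is_des40_key(key: bytes) -> bool:
    """True if the key already lies in the DES-40 subspace."""
    return len(key) == 8 and weaken_to_des40(key) == key


if __name__ == "__main__":
    # Constructed sample input: the widely used DES test-vector key.
    full = bytes.fromhex("0123456789ABCDEF")
    weak = weaken_to_des40(full)
    print("full key      :", full.hex())
    print("DES-40 key    :", weak.hex())
    print("parity-repaired:", set_odd_parity(weak).hex())
    print("effective bits :", effective_key_bits())
    print("brute-force trials (worst case): 2 **", effective_key_bits())
```

The weakened key is fed to an unmodified DES implementation exactly as a full key would be; only the search space an attacker must cover changes, from 2^56 to 2^40, which is the whole point of the draft's warning about the short key length.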