Mailing List Archive

Trying to get a clue about 3DES
Hello all,

I don't know much about crypto (perhaps you can tell that from my questions),
and was trying to play a little with 3DES using the cipher/des.c
implementation provided by GnuPG (I decided to use 3DES because it was the
only one with comments in the source on how to use it :-) ).

I have some questions about the thing (sorry to ask so much at the same time):
It needs keys with 8 chars in size to work, but how can I make it so that the
user can specify shorter keys? I padded them with spaces, is that secure? I
also guess that the keys are not null terminated, right? Also, it encrypts
8 chars at a time, but how can I work with shorter blocks? And are they null
terminated also?

I tried to get those answers by looking at how GPG uses it, but a rgrep in
the sources didn't reveal where GPG is using the thing... Also, what happened
to that gcrypt library that was announced here some time ago? My initial
thought was to play with it, instead of des.c.

Thanks for your time!
--
Thiago Jung Bauermann jungmann@cwb.matrix.com.br Ask for OpenPGP key
"How do you power off this machine?"
(Linus, when upgrading linux.cs.helsinki.fi)
Re: Trying to get a clue about 3DES
Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> As for mucking around with the DES key space, if you are serious about
> learning, get your hands on a copy of _Applied Cryptography_.

Or see some of the crypto FAQs. You may want to start here:

http://www.esat.kuleuven.ac.be/~bosselae/
Re: Trying to get a clue about 3DES
jungmann@cwb.matrix.com.br (Thiago Jung Bauermann) writes:
> I have some questions about the thing (sorry to ask so much at the same
> time): It needs keys with 8 chars in size to work, but how can I make it so
> that the user can specify shorter keys? I padded them with spaces, is that
> secure? I also guess that the keys are not null terminated, right? Also, it
> encrypts 8 chars at a time, but how can I work with shorter blocks? And are
> they null terminated also?

3DES is three instances of DES applied in a row (the encrypt-decrypt-encrypt
sequence is historical: if you make the last two keys the same, it degenerates
into single-key DES, a vague form of backwards-compatibility). DES, like all
block ciphers, takes a fixed size key and uses it to encrypt a fixed size
block of data. Think of both the key and the data to be encrypted as a chunk
of bits, not as a sequence of characters. GPG and other PGP-ish things use a
hybrid encryption scheme, in which a random key is used to encrypt the data
(using 3DES or other symmetric block cipher) and then a public-key encryption
method is used to encrypt that random key. But if you use it in "conventional"
mode then the key is indirectly specified by the user. The usual method is
that the passphrase string typed in by the user is hashed (using SHA-1 or MD5
or some other secure hash function) into a bunch of bits, then you make the
key out of as many bits of the hash as you've got (throwing some away if your
hash is larger than your key, duplicating some if the key is bigger than the
hash).

So you can use a short passphrase, but it always gets hashed into the same
size hash, and the chunk of bits you end up with is your key. The message is
usually chopped into blocks that match the block size of the cipher, with
random padding on the end to make it a multiple of the block size (so you
always encrypt the same number of bits as the block size, but some of those
bits may just be junk). The simplest method to encrypt an arbitrary number of
bytes that have been chopped up this way is to just encrypt each block
independently (known as ECB mode: Electronic Code Book), but this has some
problems because common blocks (say 'Subject:') will get encrypted with the
same key, and may be easy to pick out. The other modes that are usually
employed to encrypt a stream of data with a block cipher involve some form of
feedback, XORing one block with the next. 'CBC' and 'CFB' are typical modes.

I'll second Rat's recommendation of _Applied Cryptography_. It contains
everything you could want to know, and explains it all really well.

-Brian
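
The scheme described in the message above, as an added example that is not part of the original post or of GnuPG's code: the passphrase is hashed with SHA-1 and the digest is truncated or repeated to fill the key, then the same message is encrypted in ECB and in CBC mode. The block cipher is a stand-in (a 4-round Feistel network built from SHA-1, not DES), and all function names, the sample message and the fixed IV are assumptions made for the demonstration.

```python
import hashlib
import os

BLOCK = 8  # DES and 3DES operate on 64-bit blocks

def passphrase_to_key(passphrase, key_len):
    """Hash the passphrase; truncate or repeat the digest to fill key_len bytes."""
    digest = hashlib.sha1(passphrase).digest()   # always 20 bytes
    repeats = -(-key_len // len(digest))         # ceiling division
    return (digest * repeats)[:key_len]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, i, half):
    # Stand-in round function (assumption, NOT DES): keyed hash of one half block.
    return hashlib.sha1(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def split_blocks(data):
    data += os.urandom(-len(data) % BLOCK)       # random padding, as in the message
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    # Every block is encrypted independently: equal plaintext, equal ciphertext.
    return [encrypt_block(key, b) for b in split_blocks(data)]

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in split_blocks(data):
        prev = encrypt_block(key, xor(b, prev))  # feedback from previous ciphertext
        out.append(prev)
    return out

MESSAGE = b"Subject:Subject:Subject:hi"          # constructed sample input
KEY = passphrase_to_key(b"short", 24)            # 24 bytes, the 3DES key size
IV = bytes(8)                                    # fixed only so the demo is repeatable

if __name__ == "__main__":
    print("ECB:", [c.hex() for c in ecb_encrypt(KEY, MESSAGE)])
    print("CBC:", [c.hex() for c in cbc_encrypt(KEY, IV, MESSAGE)])
```

In the ECB output the three `Subject:` blocks produce three identical ciphertext blocks; in the CBC output they do not.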
Re: Trying to get a clue about 3DES
On 6 Jan 1999, Stainless Steel Rat wrote:

> When encrypting a message, GPG randomly generates three 56-bit DES session
> keys (key1, key2, key3). The message is encrypted with key1, decrypted

Not exactly. GPG randomly generates three 64-bit DES keys.
According to the DES specification, a 64-bit DES key normally includes
eight parity bits which are not used for encryption or decryption,
resulting in 56 bits used for encryption/decryption.
In GPG and most software today, the parity bits are just ignored. They
only protect the key from changing during transport (the DES designers
thought keys would be written down on paper and entered into
crypto machines by keyboard and so on).
The parity bits don't affect the DES algorithm in any way. They are
not used by the DES algorithm.


cu
Michael
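
The parity layout described in the message above, as an added example that is not part of the original post or of GnuPG's code: in the DES key format the least significant bit of each key byte is the parity bit, chosen so the byte has odd parity. The function names and the sample key are assumptions made for the demonstration.

```python
from itertools import product

def odd_parity_byte(b):
    """Return b with its least significant bit set so the byte has odd parity."""
    high7 = b & 0xFE
    ones = bin(high7).count("1")
    return high7 | (0 if ones % 2 else 1)

def set_odd_parity(key):
    return bytes(odd_parity_byte(b) for b in key)

def has_odd_parity(key):
    return all(bin(b).count("1") % 2 == 1 for b in key)

def effective_key(key):
    """Pack the 7 key bits of each byte into an integer: 56 bits per 8-byte key."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)          # drop the parity bit
    return value

def equivalent_encodings(key):
    """All byte strings that differ from key only in the parity bits."""
    for bits in product((0, 1), repeat=len(key)):
        yield bytes((b & 0xFE) | p for b, p in zip(key, bits))

SAMPLE = bytes.fromhex("0123456789abcdef")       # constructed 8-byte key, odd parity
FLIPPED = bytes(b ^ 1 for b in SAMPLE)           # same key, every parity bit inverted

if __name__ == "__main__":
    print("parity ok:", has_odd_parity(SAMPLE), has_odd_parity(FLIPPED))
    print("same 56 bits:", effective_key(SAMPLE) == effective_key(FLIPPED))
    encodings = list(equivalent_encodings(SAMPLE))
    print("64-bit encodings of this 56-bit key:", len(encodings))
```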