From: Richard Basch Date: Tue, 12 Dec 1995 19:32:45 +0000 (+0000) Subject: * 3-des.txt: Updated to include some of the randomness throughout X-Git-Tag: krb5-1.0-beta6~707 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2b08d8c0a9968b46c8b047df43fdb19a1a8fac9d;p=krb5.git * 3-des.txt: Updated to include some of the randomness throughout the entire key. The second 3-DES CBC encryption of the block should use an ivec of the last cipher block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7206 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/krb5-protocol/3-des.txt b/doc/krb5-protocol/3-des.txt index 05dc378b5..ce6484547 100644 --- a/doc/krb5-protocol/3-des.txt +++ b/doc/krb5-protocol/3-des.txt @@ -26,10 +26,12 @@ produce three DES keys sans parity. The 168 bits are then expanded to include odd parity, for use within the DES routines. If any of the keys are weak or semi-weak, they are strengthened by eXclusive-ORing the questionable key with the constant 00000000000000F0. The three DES keys -are then used to encrypt themselves in 3-DES CBC mode. This result is -once again encrypted using the same keys and key schedule, and the -result is parity adjusted. If the final result yields weak or semi-weak -keys, they are also strengthened in the same manner as the input keys. +are then used to encrypt themselves in 3-DES CBC mode with a zero +initial vector. This result is once again encrypted using the same keys +and key schedule and an initial vector of the last eight octets. The +result is then parity adjusted. If the final result yields weak or +semi-weak keys, they are also strengthened in the same manner as the +input keys. The n-fold operation used by the string-to-key algorithm replicates the input bit array X until its length is the least common