From: Richard Basch Date: Fri, 1 Dec 1995 21:25:08 +0000 (+0000) Subject: Description of 3-DES algorithms X-Git-Tag: krb5-1.0-beta6~761 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d27a5e2cbf03214676f4bb79edc58f49394de99d;p=krb5.git Description of 3-DES algorithms git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7146 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/krb5-protocol/3-des.txt b/doc/krb5-protocol/3-des.txt new file mode 100644 index 000000000..8023801a2 --- /dev/null +++ b/doc/krb5-protocol/3-des.txt @@ -0,0 +1,77 @@ +For inclusion into RFC 1510 +--------------------------- +The assigned encryption type designating the use of triple DES is 5. + +The assigned checksum type designating the use of encrypting and MD5 +checksum with triple DES keys is 9. + +Triple DES is implemented using three DES keys. An Electronic CodeBook +encryption (3-DES ECB) is done by doing a DES ECB encryption of an eight +octet data block with the first DES key, performing a DES ECB decryption +of the resulting data block with the second key and performing a DES ECB +encryption of the result with the third key. + +The encryption of a data stream in Cipher Block Chaining mode is +accomplished by eXclusive-ORing each eight-octet data block with the +cipher computed from the previous data block, and then performing a +3-DES ECB encryption. The first data block is eXclusive-ORed with an +initial vector, which is commonly zero prior to performing the 3-DES +ECB. + +The string-to-key algorithm that is used for converting a user's +password into a 3-DES key is a one-way function, evenly distributing the +user's input in the resulting key. The user's input is appended with +the salt information (typically the realm name), and 168-folded to +produce three DES keys sans parity. The 168 bits are then expanded to +include odd parity, for use within the DES routines. The three DES keys +are then used to encrypt themselves in 3-DES CBC mode, and the result is +parity adjusted. Any weak or semi-weak DES keys are first strengthened +by eXclusive-ORing the first octet with the value 0xF0 prior to their +use. + +The n-fold operation used by the string-to-key algorithm +replicates the input bit array X until its length is the least common +multiple of n bits and the length of X. Before each replication, the +input is circularly rotated to the right by 13 bit positions. The +successive n-bit chunks of the resulting bit array are then added +together with end-around carry to yield a n-bit result. The first bit +position in the arrays is treated as the most significant bit. + + + +Glossary +-------- +n-fold + To n-fold a bit array X into n bits, replicate the input value to a length + that is the least common multiple of n bits and the length of X. Before + each successive repetition, circularly rotate the input X to the right by + 13 bit positions. The successive n-bit chunks are added together (where + the first bit is the most significant bit) with end-around carry (that is, + adding the carry result from the most significant bits to the least + significant bits) to yield a n-bit result. + +Triple-DES ECB mode: + + Three DES keys are used in turn to perform a DES ECB encryption of an + eight-octet data block with the first key, followed by a DES ECB + decryption of the resulting data block with the second key, followed + by a DES ECB encryption of the resulting data block with the last key. + +Triple-DES CBC mode: + An input data stream is padded on the right by zeroes to an eight-octet + boundary. The first eight octet block is eXclusive-ORed with an initial + vector eight-octet block. This result is triple-DES ECB encrypted with + three DES keys. Subsequent eight-octet data blocks are eXclusive-ORed + with the cipher text produced from the 3-DES ECB encryption of the previous + block and then the data block is 3-DES ECB encrypted with the same DES keys. + +Triple-DES String to key computation: + The input string (appended with any salt data) is 168-folded into a 21 octet + (168 bit) string. Each successive set of 7 octets is treated as a DES key + sans parity. The DES keys are then adjusted to include parity by computing + a parity bit for each successive seven bits to form eight octets. + The resulting DES keys including parity are then used to encrypt themselves + using Triple-DES CBC encryption with a zero initial vector. The result + is then adjusted for parity to produce three valid DES keys. Each key is + checked for weakness, and if it is determined to be weak or semi-weak, the + first octet of each weak key is eXclusive-ORed with the value 0xF0.