[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bellovin's and Ashar's attacks



   From: smb@research.att.com
   Date: Thu, 13 Apr 95 13:50:36 EDT

	    One implementation strategy that could improve performance
	    would be to devise (or use, if one already exists) a software
	    version of DES that accepts an expanded key schedule as well
	    as a traditional 64/56 bit key.

   Kerberos does this.

Well, actually it's more accurate to say that the DES implementation
which was shipped with Kerberos V4 (originally written by Steve Miller)
allows for this.  Most of the DES implementations floating around seem
to use the same API --- especially the ones available from anonymous FTP
from funet.fi.net.  (I can't imagine why..... )

It makes sense though.  In software the key scheduling does take a
non-negligible amount of time, so it makes sense to have one routine for
expanding the key into a key schedule, and then have all of your other
DES routines take the key schedule as an argument.  I'd rather suspect
that nearly all DES implementations did this.

						- Ted


References: