[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question regarding mandatory CBC-DESSupport

To: baldwin <baldwin@rsa.com>
Subject: Re: Question regarding mandatory CBC-DESSupport
From: Steven Bellovin <smb@research.att.com>
Date: Fri, 19 Jul 1996 20:58:18 -0400
Cc: pcalhoun@usr.com, ipsec@TIS.COM
MMDF-Warning: Unable to confirm address in preceding line at neptune.TIS.COM
Sender: ipsec-approval@neptune.tis.com

	 Pat,
	         One trick that may help you implement both DES-CBC and
	 comply with a 40 bit key length for general export is to create
	 a key management system that uses the subset of DES keys that
	 are used by DES-CDMF (an IBM invention).  Normal DES keys are
	 chosen from a 56 bit space, and CDMF defines a 40 bit subset
	 of that space that is uniformly distributed across the normal
	 DES key space.  The basic idea is to pick a 40 bit number,
	 encrypt it with a well known des key to get a 64 bit number,
	 which is then parity adjusted to be a proper 56 bit des key
	 stored in eight bytes.  The standard DES-CBC algorithm is
	 used with this key.

Note that CDMF is patented by IBM.

Prev by Date: Re: Question regarding mandatory CBC-DESSupport
Next by Date: Re: Key Management and DNSSEC
Prev by thread: Re: Question regarding mandatory CBC-DESSupport
Next by thread: Exporting an IPSec implementation
Index(es):
- Main
- Thread