[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question regarding mandatory CBC-DESSupport
Pat,
One trick that may help you implement both DES-CBC and
comply with a 40 bit key length for general export is to create
a key management system that uses the subset of DES keys that
are used by DES-CDMF (an IBM invention). Normal DES keys are
chosen from a 56 bit space, and CDMF defines a 40 bit subset
of that space that is uniformly distributed across the normal
DES key space. The basic idea is to pick a 40 bit number,
encrypt it with a well known des key to get a 64 bit number,
which is then parity adjusted to be a proper 56 bit des key
stored in eight bytes. The standard DES-CBC algorithm is
used with this key.
Note that CDMF is patented by IBM.