6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
Connected: An Internet Encyclopedia
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
6. Encryption and Checksum Specifications
Up:
6.3. Encryption Systems
Prev: 6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
Next: 6.4. Checksums
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
The des-cbc-md5 encryption mode encrypts information under the Data
Encryption Standard [11] using the cipher block chaining mode [12].
An MD5 checksum (described in [16]) is applied to the confounder and
message sequence (msg-seq) and placed in the cksum field. DES blocks
are 8 bytes. As a result, the data to be encrypted (the
concatenation of confounder, checksum, and message) must be padded to
an 8 byte boundary before encryption.
Plaintext and DES ciphtertext are encoded as 8-octet blocks which are
concatenated to make the 64-bit inputs for the DES algorithms. The
first octet supplies the 8 most significant bits (with the octet's
MSbit used as the DES input block's MSbit, etc.), the second octet
the next 8 bits, ..., and the eighth octet supplies the 8 least
significant bits.
Encryption under DES using cipher block chaining requires an
additional input in the form of an initialization vector. Unless
otherwise specified, zero should be used as the initialization
vector. Kerberos' use of DES requires an 8-octet confounder.
The DES specifications identify some "weak" and "semiweak" keys;
those keys shall not be used for encrypting messages for use in
Kerberos. Additionally, because of the way that keys are derived for
the encryption of checksums, keys shall not be used that yield "weak"
or "semi-weak" keys when eXclusive-ORed with the constant
F0F0F0F0F0F0F0F0.
A DES key is 8 octets of data, with keytype one (1). This consists
of 56 bits of key, and 8 parity bits (one per octet). The key is
encoded as a series of 8 octets written in MSB-first order. The bits
within the key are also encoded in MSB order. For example, if the
encryption key is:
(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the
parity bits, the first octet of the key would be B1,B2,...,B7,P1
(with B1 as the MSbit). [See the FIPS 81 introduction for
reference.]
To generate a DES key from a text string (password), the text string
normally must have the realm and each component of the principal's
name appended(In some cases, it may be necessary to use a different
"mix-in" string for compatibility reasons; see the discussion of
padata in section 5.4.2.), then padded with ASCII nulls to an 8 byte
boundary. This string is then fan-folded and eXclusive-ORed with
itself to form an 8 byte DES key. The parity is corrected on the
key, and it is used to generate a DES CBC checksum on the initial
string (with the realm and name appended). Next, parity is corrected
on the CBC checksum. If the result matches a "weak" or "semiweak"
key as described in the DES specification, it is eXclusive-ORed with
the constant 00000000000000F0. Finally, the result is returned as
the key. Pseudocode follows:
string_to_key(string,realm,name) {
odd = 1;
s = string + realm;
for(each component in name) {
s = s + component;
}
tempkey = NULL;
pad(s); /* with nulls to 8 byte boundary */
for(8byteblock in s) {
if(odd == 0) {
odd = 1;
reverse(8byteblock)
}
else odd = 0;
tempkey = tempkey XOR 8byteblock;
}
fixparity(tempkey);
key = DES-CBC-check(s,tempkey);
fixparity(key);
if(is_weak_key_key(key))
key = key XOR 0xF0;
return(key);
}
Next: 6.4. Checksums
Connected: An Internet Encyclopedia
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
|
