3DES decryption bug in 0.4.0
mroth at nessie.de
Sat Sep 19 05:15:10 CEST 1998
Shame on me... It's about half past three in the morning and I went to bed
and then it came to my mind: I made a mistake in the key schedule on 3DES.
I switched on the computer, checked the code, and *bang*, there is really
a bug in Triple-DES decryption.... :-((
Why was this typo not detected by the integrated selftest? The answer is
simple: I wrote my own testcase for my own code. This is generally a bad
idea and as a result of this, the selftest simply doesn't run a test on
the affected subject...
For the first time I appended a hot 'mini-patch' which fixes the bug to
this mail. I don't think Werner should release a new version to include
I will make a larger patch with some more speed improvements on 3DES
To apply the patch change to directory 'gnupg-0.4.0/cipher' and type in
the command 'patch < PATH_TO_FILE/des-decrypt-bug.patch' and recompile
Please note: The bug applies only to Triple-DES decryption. Encryption is
not affected. There is no problem with security in the manner of insecure
encryption or leaking session keys or private keys related to this bug.
The 'only' problem is that you can't decrypt messages which used Triple-DES
as symmetric encryption algorithm. Just apply the patch and then you can
decrypt your previously encrypted data.
Ok. Now I will go to bed and hopefully I will not discover more bugs...
-------------- next part --------------
--- des.c.orig Sat Sep 19 03:36:03 1998
+++ des.c Sat Sep 19 03:36:30 1998
@@ -602,13 +602,13 @@
des_key_schedule (key1, ctx->encrypt_subkeys, 0);
- des_key_schedule (key1, ctx->decrypt_subkeys, 1);
+ des_key_schedule (key3, ctx->decrypt_subkeys, 1);
des_key_schedule (key2, &(ctx->encrypt_subkeys), 1);
des_key_schedule (key2, &(ctx->decrypt_subkeys), 0);
des_key_schedule (key3, &(ctx->encrypt_subkeys), 0);
- des_key_schedule (key3, &(ctx->decrypt_subkeys), 1);
+ des_key_schedule (key1, &(ctx->decrypt_subkeys), 1);
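Review bot: the two changed decrypt_subkeys calls swap key1 and key3, but nothing in this patch adds a selftest that would catch the same mistake again. A test that uses the same value for key1 and key3 cannot tell the old lines from the new ones, because both then build identical schedules. I would add a Triple-DES selftest case with three distinct keys that encrypts a block, decrypts it through ctx->decrypt_subkeys and compares the result with the original plaintext, ideally checked against a published known-answer vector rather than one derived from this code. A one-line comment above the three decrypt calls stating that they take the keys in reverse order (key3, key2, key1) with the mode flags 1, 0, 1 would also make the intent checkable at a glance.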