Trying to get a clue about 3DES
Brian Warner
warner at lothar.com
Wed Jan 6 12:18:10 CET 1999
jungmann at cwb.matrix.com.br (Thiago Jung Bauermann) writes:
> I have some questions about the thing (sorry to ask so much at the same
> time): It needs keys with 8 chars in size to work, but how can I make it so
> that the user can specify shorter keys? I padded them with spaces, is that
> secure? I also guess that the keys are not null terminated, right? Also, it
> encrypts 8 chars at a time, but how can I work with shorter blocks? And are
> they null terminated also?
3DES is three instances of DES applied in a row (the encrypt-decrypt-encrypt
sequence is historical: if you make the last two keys the same, it degenerates
into single-key DES, a vague form of backwards-compatibility). DES, like all
block ciphers, takes a fixed size key and uses it to encrypt a fixed size
block of data. Think of both the key and the data to be encrypted as a chunk
of bits, not as a sequence of characters. GPG and other PGP-ish things use a
hybrid encryption scheme, in which a random key is used to encrypt the data
(using 3DES or other symmetric block cipher) and then a public-key encryption
method is used to encrypt that random key. But if you use it in "conventional"
mode then the key is indirectly specified by the user. The usual method is
that the passphrase string typed in by the user is hashed (using SHA-1 or MD5
or some other secure hash function) into a bunch of bits, then you make the
key out of as many bits of the hash as you've got. (throwing some away if your
hash is larger than your key, duplicating some if the key is bigger than the
hash).
So you can use a short passphrase, but it always gets hashed into the same
size hash, and the chunk of bits you end up with is your key. The message is
usually chopped into blocks that match the block size of the cipher, with
random padding on the end to make it a multiple of the block size (so you
always encrypt the same number of bits as the block size, but some of those
bits may just be junk). The simplest method to encrypt an arbitrary number of
bytes that have been chopped up this way is to just encrypt each block
independently (known as ECB mode: Electronic Code Book), but this has some
problems because common blocks (say 'Subject:') will get encrypted with the
same key, and may be easy to pick out. The other modes that are usually
employed to encrypt a stream of data with a block cipher involve some form of
feedback, XORing one block with the next. 'CBC' and 'CFB' are typical modes.
I'll second Rat's recommendation of _Applied Cryptography_. It contains
everything you could want to know, and explains it all really well.
-Brian
More information about the Gnupg-devel
mailing list