Connected: An Internet Encyclopedia
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 6. Encryption and Checksum Specifications
Up: 6.3. Encryption Systems
Prev: 6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
Next: 6.4. Checksums

6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)

6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)

The des-cbc-md5 encryption mode encrypts information under the Data Encryption Standard [11] using the cipher block chaining mode [12]. An MD5 checksum (described in [16]) is applied to the confounder and message sequence (msg-seq) and placed in the cksum field. DES blocks are 8 bytes. As a result, the data to be encrypted (the concatenation of confounder, checksum, and message) must be padded to an 8 byte boundary before encryption.

Plaintext and DES ciphtertext are encoded as 8-octet blocks which are concatenated to make the 64-bit inputs for the DES algorithms. The first octet supplies the 8 most significant bits (with the octet's MSbit used as the DES input block's MSbit, etc.), the second octet the next 8 bits, ..., and the eighth octet supplies the 8 least significant bits.

Encryption under DES using cipher block chaining requires an additional input in the form of an initialization vector. Unless otherwise specified, zero should be used as the initialization vector. Kerberos' use of DES requires an 8-octet confounder.

The DES specifications identify some "weak" and "semiweak" keys; those keys shall not be used for encrypting messages for use in Kerberos. Additionally, because of the way that keys are derived for the encryption of checksums, keys shall not be used that yield "weak" or "semi-weak" keys when eXclusive-ORed with the constant F0F0F0F0F0F0F0F0. A DES key is 8 octets of data, with keytype one (1). This consists of 56 bits of key, and 8 parity bits (one per octet). The key is encoded as a series of 8 octets written in MSB-first order. The bits within the key are also encoded in MSB order. For example, if the encryption key is: (B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the parity bits, the first octet of the key would be B1,B2,...,B7,P1 (with B1 as the MSbit). [See the FIPS 81 introduction for reference.]

To generate a DES key from a text string (password), the text string normally must have the realm and each component of the principal's name appended(In some cases, it may be necessary to use a different "mix-in" string for compatibility reasons; see the discussion of padata in section 5.4.2.), then padded with ASCII nulls to an 8 byte boundary. This string is then fan-folded and eXclusive-ORed with itself to form an 8 byte DES key. The parity is corrected on the key, and it is used to generate a DES CBC checksum on the initial string (with the realm and name appended). Next, parity is corrected on the CBC checksum. If the result matches a "weak" or "semiweak" key as described in the DES specification, it is eXclusive-ORed with the constant 00000000000000F0. Finally, the result is returned as the key. Pseudocode follows:

        string_to_key(string,realm,name) {
             odd = 1;
             s = string + realm;
             for(each component in name) {
                  s = s + component;
             }
             tempkey = NULL;
             pad(s); /* with nulls to 8 byte boundary */
             for(8byteblock in s) {
                  if(odd == 0)  {
                      odd = 1;
                      reverse(8byteblock)
                  }
                  else odd = 0;
                  tempkey = tempkey XOR 8byteblock;
             }
             fixparity(tempkey);
             key = DES-CBC-check(s,tempkey);
             fixparity(key);
             if(is_weak_key_key(key))
                  key = key XOR 0xF0;
             return(key);
        }


Next: 6.4. Checksums

Connected: An Internet Encyclopedia
6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)