/usr/src/libc/gen/crypt.c, DES

Theo van der Storm tstorm%vu44.uucp at BRL.ARPA
Mon Aug 19 17:56:20 AEST 1985


In DES, an iteration looks like this: (Li and Ri are 32 bit numbers)
    Li =  Ri-1
    Ri =  Li-1 XOR f(Ri-1, Ki)

Question 1:
Does anyone know what the consequences are for the security of
the encryption if f(Ri-1, Ki) is replaced by f(Li-1_31, Ki), where
Li-1_31 is the last bit of Li?
    Li =  Ri-1
    Ri =  Li-1 XOR f(Li-1_31, Ki)

Obviously, the contents of L and R remain separated throughout
all iterations. On the other hand, the key Ki is fully
effective for both L and (the next) R.

I am asking this, because I found the following bug? in
/usr/src/libc/gen/crypt.c (both 4.1BSD and Version 7)

BEGIN QUOTE
static char L[32], R[32];
END QUOTE
BEGIN QUOTE
static	char	E[48];
static	char	e[] = {
	32, 1, 2, 3, 4, 5,
END QUOTE
BEGIN QUOTE
		for (j=0; j<48; j++)
			preS[j] = R[E[j]-1] ^ KS[i][j];
END QUOTE

'L' and 'R' contain 32 bits each (one bit/byte).
'E' contains only null bytes, 'e' containes a permutation,
but it is never used.
Fix:
Delete "static char E[48];" and replace "e[]" on the next line by "E[]".

Question 2:
Is somebody fooling me or is this real?
-- 
	Theo van der Storm,    052 19'08"N / 004 51'16"E
UUCP:	       {seismo|decvax|philabs}!mcvax!vu44!tstorm
UUCP:	{ark|botter|klipper|tjalk|vu45|vu60}!vu44!tstorm



More information about the Comp.unix.wizards mailing list