tstorm@vu44.UUCP (Theo van der Storm) (08/16/85)
In DES, an iteration looks like this: (Li and Ri are 32 bit numbers) Li = Ri-1 Ri = Li-1 XOR f(Ri-1, Ki) Question 1: Does anyone know what the consequences are for the security of the encryption if f(Ri-1, Ki) is replaced by f(Li-1_31, Ki), where Li-1_31 is the last bit of Li? Li = Ri-1 Ri = Li-1 XOR f(Li-1_31, Ki) Obviously, the contents of L and R remain separated throughout all iterations. On the other hand, the key Ki is fully effective for both L and (the next) R. I am asking this, because I found the following bug? in /usr/src/libc/gen/crypt.c (both 4.1BSD and Version 7) BEGIN QUOTE static char L[32], R[32]; END QUOTE BEGIN QUOTE static char E[48]; static char e[] = { 32, 1, 2, 3, 4, 5, END QUOTE BEGIN QUOTE for (j=0; j<48; j++) preS[j] = R[E[j]-1] ^ KS[i][j]; END QUOTE 'L' and 'R' contain 32 bits each (one bit/byte). 'E' contains only null bytes, 'e' containes a permutation, but it is never used. Fix: Delete "static char E[48];" and replace "e[]" on the next line by "E[]". Question 2: Is somebody fooling me or is this real? -- Theo van der Storm, 052 19'08"N / 004 51'16"E UUCP: {seismo|decvax|philabs}!mcvax!vu44!tstorm UUCP: {ark|botter|klipper|tjalk|vu45|vu60}!vu44!tstorm