This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 05/19/2018 10:56 PM, Zack Weinberg wrote:
> des_setparity() is documented to fix up a packed DES key so that each
> byte has odd parity, as required by the DES specification. The manual
> doesn't do a very good job explaining how it does that, and when I went
> to look at the source code to find out more details, I discovered this:
>
>     /*
>      * Table giving odd parity in the low bit for ASCII characters
>      */
>     static const char partab[128] =
>     {
>       0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
>       ...
>     };
>
>     void
>     des_setparity (char *p)
>     {
>       int i;
>
>       for (i = 0; i < 8; i++)
>         {
>           *p = partab[*p & 0x7f];
>           p++;
>         }
>     }
>
> So it overwrites the low bit of each byte as necessary to make each byte
> have odd parity, as documented, but it also forces the *high* bit of each
> byte to be zero, which cuts the keyspace down even further - a DES key
> that's passed through des_setparity() has only 48 bits of entropy.
I would have understood 40 bit, but 48 bit looks like a bug.

I found this:

    Patch-ID# T104620-01 (Preliminary Patch - Not Yet Released)
    Keywords: security des_setparity DES RPC
    Synopsis: SunOS 5.4: POINT PATCH: 1149767 - des_setparity() fix
    SunOS release: 5.4
    Relevant Architectures: sparc
    BugId's fixed with this patch: 1149767

Apparently, this was when des_setparity_g was introduced. des_setparity was not changed. So I don't think there is anything left to do. I'm not even sure if these functions should still be documented in the manual.
libtirpc supports RPCSEC_GSS, and I think that's the de-facto successor for RPC with cryptography.
Thanks, Florian
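
Added example, not part of the original message or of glibc: it reproduces the masking behaviour of the quoted des_setparity() and counts how many distinct values one key byte can take afterwards, next to a parity fix that keeps the high bit. The parity table is computed because the post elides most of it, and setparity_keep_high() is a hypothetical name for illustration, not the des_setparity_g implementation.

```c
#include <stdio.h>

/* Value for bit 0 that gives v (bits 7..1 as they are) odd parity. */
static unsigned char odd_parity_bit(unsigned char v)
{
    unsigned ones = 0;
    for (int b = 1; b < 8; b++)
        ones += (v >> b) & 1u;
    return (ones % 2 == 0) ? 1 : 0;
}

/* Behaviour of the quoted function: index by (byte & 0x7f), so bit 7
   is always cleared before the parity bit is set. */
void setparity_quoted(unsigned char key[8])
{
    for (int i = 0; i < 8; i++) {
        unsigned char c = key[i] & 0x7f;      /* high bit dropped here */
        key[i] = (unsigned char)((c & 0x7e) | odd_parity_bit(c));
    }
}

/* Hypothetical variant (assumption): keep bits 7..1, only rewrite bit 0. */
void setparity_keep_high(unsigned char key[8])
{
    for (int i = 0; i < 8; i++)
        key[i] = (unsigned char)((key[i] & 0xfe) | odd_parity_bit(key[i]));
}

/* Distinct values one output byte can take over all 256 input bytes. */
int distinct_outputs(void (*fix)(unsigned char *))
{
    unsigned char seen[256] = {0};
    int n = 0;
    for (int v = 0; v < 256; v++) {
        unsigned char key[8] = {0};
        key[0] = (unsigned char)v;
        fix(key);
        if (!seen[key[0]]++)
            n++;
    }
    return n;
}

int main(void)
{
    /* 64 values = 6 bits per byte = 48 bits per key; 128 = 7 bits = 56. */
    printf("quoted:    %d values per byte\n", distinct_outputs(setparity_quoted));
    printf("keep-high: %d values per byte\n", distinct_outputs(setparity_keep_high));
    return 0;
}
```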