This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



des_setparity() cuts keysize to 48 bits; how much do we care?


des_setparity() is documented to fix up a packed DES key so that each
byte has odd parity, as required by the DES specification.  The manual
doesn't do a very good job explaining how it does that, and when I
went to look at the source code to find out more details, I discovered
this:

/*
 * Table giving odd parity in the low bit for ASCII characters
 */
static const char partab[128] =
{ 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
  ... };

void
des_setparity (char *p)
{
  int i;

  for (i = 0; i < 8; i++)
    {
      *p = partab[*p & 0x7f];
      p++;
    }
}

So it overwrites the low bit of each byte as necessary to make each
byte have odd parity, as documented, but it also forces the *high* bit
of each byte to be zero, which cuts the keyspace down even further - a
DES key that's passed through des_setparity() has only 48 bits of
entropy.

The question is how much we care. In principle, nobody should be using
DES anymore, but I honestly don't know whether RPC authentication that
uses a better cipher even _exists_.  If you still do have to use
auth_des to get some level of security, it might make sense to fix
this in the code (which would be as easy as tweaking `partab` to write
to the high rather than the low bit of each byte).  On the other hand,
the fact that it does this in the first place makes me concerned that
the core DES block cipher in sunrpc/des_impl.c (not to be confused
with the core DES block cipher in crypt/crypt_util.c) might not accept
keys with the high bit set, and I _am_ pretty sure it's not worth
anyone's time trying to patch _that_, so maybe we should just document
this flaw ... or even just leave the documentation as is?

zw
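
Added example, not part of the original message and not glibc's code: it counts how many distinct bytes a parity fix-up can emit, which gives the effective key size for an 8-byte key. `setparity_masked` is computed to match the behaviour described above and the eight table entries quoted in the message; `setparity_keep7`, `distinct_outputs` and `key_bits` are hypothetical names, and `setparity_keep7` is an assumed alternative that overwrites only bit 0.

```c
#include <stdio.h>

/* 1 when bits 7..1 of v hold an even number of ones, else 0.  */
static unsigned char odd_parity_bit (unsigned char v)
{
  int ones = 0;
  for (int i = 1; i < 8; i++)
    ones += (v >> i) & 1;
  return (unsigned char) ((ones & 1) ^ 1);
}

/* As described in the message: bit 7 dropped, bit 0 overwritten.  */
unsigned char setparity_masked (unsigned char b)
{
  return (b & 0x7e) | odd_parity_bit (b & 0x7e);
}

/* Hypothetical variant: keep bits 7..1, overwrite only bit 0.  */
unsigned char setparity_keep7 (unsigned char b)
{
  return (b & 0xfe) | odd_parity_bit (b & 0xfe);
}

/* Number of distinct output bytes over all 256 input bytes.  */
int distinct_outputs (unsigned char (*f) (unsigned char))
{
  char seen[256] = { 0 };
  int n = 0;
  for (int b = 0; b < 256; b++)
    if (!seen[f ((unsigned char) b)]++)
      n++;
  return n;
}

/* Effective key bits for 8 bytes with `distinct` values per byte.  */
int key_bits (int distinct)
{
  int bits = 0;
  while ((1 << bits) < distinct)
    bits++;
  return 8 * bits;
}

int main (void)
{
  printf ("masked: %d bits\n", key_bits (distinct_outputs (setparity_masked)));
  printf ("keep7:  %d bits\n", key_bits (distinct_outputs (setparity_keep7)));
  return 0;
}
```

The masked form yields 64 possible values per byte (48 bits over eight bytes); the variant that keeps bit 7 yields 128 (56 bits).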

