This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: des_setparity() cuts keysize to 48 bits; how much do we care?
- From: Zack Weinberg <zackw at panix dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Thorsten Kukuk <kukuk at suse dot de>
- Date: Mon, 21 May 2018 13:37:27 -0400
- Subject: Re: des_setparity() cuts keysize to 48 bits; how much do we care?
- References: <CAKCAbMjNff+C62d03u7LmUFQyx_Gs=zkr7mtB7mtk9_22jBgLg@mail.gmail.com> <5b2bbda6-0436-2470-0e8a-bfa963bf6c86@redhat.com>
On Sat, May 19, 2018 at 5:15 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 05/19/2018 10:56 PM, Zack Weinberg wrote:
>>
>> So [des_setparity] overwrites the low bit of each byte as necessary to make each
>> byte have odd parity, as documented, but it also forces the *high* bit
>> of each byte to be zero, which cuts the keyspace down even further - a
>> DES key that's passed through des_setparity() has only 48 bits of
>> entropy.
>
> I would have understood 40 bit, but 48 bit looks like a bug.
...
> Apparently, this was when des_setparity_g was introduced. des_setparity was
> not changed. So I don't think there is anything left to do. I'm not even
> sure if these functions should still be documented in the manual.
Thinking about it some more, there's no reason to slow-roll
deprecation of DES encryption. RFC 4772 was already calling it
"deprecated" and "a serious error [to use]" in 2006. We should indeed
drop this entire section from the manual, and we should also cut off
access to all of these functions in new programs. And then I don't
have to worry about documenting them :)
New patch series shortly.
zw