Cryptography Reference
In-Depth Information
2.3.2 Triple Mode
Since the double mode does not improve security so much, we use a standard triple
mode. The regular triple-DES is defined by three 56-bit keys
k
1
,
k
2
, and
k
3
by
C
−
1
C
k
1
.
(See Ref. [5].) In addition, three keying options are defined:
Enc
=
C
k
3
◦
k
2
◦
1.
k
1
,
k
2
,
k
3
are three independent keys (the key length is thus 168 bits);
2.
k
1
=
k
3
and
k
2
are two independent keys (the key length is thus 112 bits);
3.
k
1
=
k
3
which is equivalent to DES in simple mode. (This is a kind of
retrocompatibility with DES.)
k
2
=
Note that some advanced brute force attacks against triple modes exist as well.
2.4
An Application of DES: UNIX Passwords
A famous application of DES is the old UNIX CRYPT algorithm.
4
It is used for access
control of users based on passwords.
Basically, the “encrypted” version of passwords is stored in a database
/etc/
passwd
whose confidentiality was not originally meant to be ensured. Whenever
a user types his login name and password, the system “encrypts” the password and
compares it to the “encrypted” password stored in the corresponding record of the
database. The encryption is based on modified DES due to the following observations
(see Fig. 2.12).
W
(56)
≈
DES
≈
DES
≈
DES
/etc/passwd
···
0
Salt (12)
Clock
Figure 2.12.
UNIX passwords.
4
A summary of the specification can be found in Ref. [128], pp. 393-394.
Search WWH ::
Custom Search