Dave Mason <dmason@tis.com> Wed, 10 September 1997 18:49 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA07750 for ipsec-outgoing; Wed, 10 Sep 1997 14:49:29 -0400 (EDT)
Date: Wed, 10 Sep 1997 14:58:22 -0400
From: Dave Mason <dmason@tis.com>
Message-Id: <199709101858.OAA20844@rubicon.rv.tis.com>
To: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>ISAKMP-OAKLEY specifies DES Weak and Semi-Weak keys (the list on page 281,
>5th printing, 2nd edition of Schneier).  The list of keys in the draft and
>the list of keys in the book are the same, I believe.

Note that the following weak keys are different between these two sources:

resolution               Schneier 2nd edition

1F1F 1F1F E0E0 E0E0      1F1F 1F1F  0E0E 0E0E     (E0 vs 0E)
E0E0 E0E0 1F1F 1F1F      E0E0 E0E0  F1F1 F1F1     (1F vs F1)

I would guess that the resolution doc (v04) is in error.

>The ESP DES drafts listed Weak, Semi-Weak, and 'Possibly' weak keys.  It's
>the POSSIBLY WEAK list that has an error in Schneier, even in the 5th
>printing.  I have some questions on this.

Note that the esp des drafts match Schneier 2nd edition in the weak
keys but differ in one of the semi-weak keys:

Schneier 2nd edition     esp des drafts

E01F E01F F10E F10E      E0F1 E0F1  F10E F10E     (2nd and 4th bytes)

From the pattern of all the other semiweak key pairs (bytes swapped
within halfword compared with its key pair), I would have to say
that the esp des drafts are in error.  The key pair is
1FE0 1FE0 0EF1 0EF1.

The esp des drafts differ with Schneier 2nd edition in the
following possibly weak keys:

Schneier 2nd edition     esp des drafts

fe01 e01f  fe01 f10e     fe01 e01f  fe01 f1e0      (8th byte)
1ffe e001  0efe f001     1ffe e001  0efe f101      (7th byte)

I would guess that Schneier is correct on the first key
(from the pattern of the other possibly weak keys near it -
splitting the key in half, two bytes remain the same in the
first half and second half, and the remaining two bytes map
E0 <-> F1 and 1F <-> 0E).
I would guess that the esp des drafts are correct on the
second one (the byte with F0 has incorrect parity).

WARNING: I'm just guessing on the above.

Can someone who would know for sure please inform this list as
to what is correct.  Thanks.

  •   Dave Mason