IMPLEMENTATION NOTES ON bdes(1)

Matt Bishop

Technical Report PCS-TR91-158

Department of Mathematics and Computer Science
Dartmouth College
Hanover, NH 03755

This note describes the implementation of bdes, the file encryption program being distributed in the 4.4 release of the Berkeley Software Distribution. It implements all modes of the Data Encryption Standard program.

The Data Encryption Standard is a standard endorsed by the federal government. It is considerably stronger than the algorithm used by the UNIX™ crypt(1) program, and therefore is a more suitable candidate for protecting information, especially information contained in ASCII files. The program bdes(1) implements the DES and all of its modes, including the two authentication modes.

Because others may wish to write software compatible with this program, this note presents the layout of the encrypted files produced by bdes as well as internal details relevant to the implementation. Wherever possible and appropriate, the description of the (1) program given in [4] has been followed; thus, bdes is completely compatible with that program. However, bdes also offers several extensions to that are not compatible, and these will be explicitly pointed out.

In this note, strings typed as shown will be in Courier Roman font, and strings to be chosen by the user will be in Courier Oblique font. The space character (ASCII >, octal 40, decimal 32, hex 20) will be represented as “ ” and the newline character (ASCII >, octal 12, decimal 10, hex a) as “↵”. Because it is often more convenient to represent arbitrary characters as a sequence of hexadecimal digits, that representation will often be used; these digits will be in Courier Bold font with spaces often inserted for readability.

This work is based on work funded by grant NAG2-680 from the National Aeronautics and Space Administration to Dartmouth College.
UNIX is a Registered Trademark of AT&T Bell Laboratories.

2. Overview and Use

bdes implements the Data Encryption Standard algorithm in software, and enables the user to encrypt data using any of the four modes of operation of the DES (Electronic Code Book, Cipher Block Chaining, -bit Cipher Feed Back, and -bit Output Feed Back) as well as the Alternate bit Cipher Feed Back mode. Further, bdes supports message authentication code generation based on both the Cipher Block Chaining mode and the -bit Cipher Feed Back mode.

By default, bdes encrypts an input file using Cipher Block Chaining mode, and is invoked as a filter. The key may be specified either on the command line or may be typed to the prompt. So, if the input file contains the message

then the following command encrypts it using the key

    bdes -k abcdefgh <

indicates the next argument is the key

    16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3

Other modes are specified using command-line options, as is control of the way the key is interpreted. The next sections contain several examples, and the Appendix has the manual page.

3. Keys and Parity

The key consists of 64 bits, and may be presented in any of hex, binary, or as a string of ASCII characters. If the key is given in hex or binary, it is used as is with no changes. However, if the key is given in ASCII, a delicate problem arises: by convention, the parity bit is usually set to 0. This high-order bit is generally ignored by applications; but the DES does not do so. Instead, it discards the low-order bit, effectively reducing the size of the space of possible keys from 2^56 to 2^48.

To preserve the size of the key space, the value of the parity bit must be related to the value in the low-order bit, so the program sets the high-order bit to make each character in the key be of odd parity. (Note that the initial value of the parity bit is not used in this computation.) For example, if the key is , the actual key bits used are determined as follows:

    ASCII key bits (hex)
    key bits used (hex)

This convention (as opposed to requiring even parity, or simply copying the low-order bit to the high-order bit) was chosen to provide compatibility with the encryption program distributed by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the keyboard, by default it is processed into the same key schedule generated by Sun’s , so files encrypted on a Sun can be decrypted using bdes (and vice versa).

If the user does not wish to use the Sun convention, the option -p will disable the parity bit changing; with it, the parity bit is that of the character typed. This is useful when the key is a known ASCII string and the file was encrypted on a system which does not alter parity bits.

A key may be represented as a bit vector, rather than an ASCII string, in one of two ways. It may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key is right-filled with 0 bits. Or, it may be represented as a string of up to 64 binary digits, and again if fewer than 64 are given, the key is right-filled with 0 bits. Bit vector keys must be given on the command line, and must begin with the characters (for hexadecimal) or (for binary). For example, all of the following strings generate the same key schedule:

    hexadecimal key    0x6162e364e5e66768
                       0b01100001011000101110001101101000111001011110001100110011101101000

Note that giving the key on the command line as 0x6162636465666768 will not reset the parity bits, because it is interpreted as a sequence of hex digits, not ASCII characters. The difference in interpretation is that here the user can specify all bits of the key exactly, whereas (on most terminals) it is not possible to control how the parity bit of ASCII characters is set. On some systems, it is possible to use a “Meta” key to set the parity bit for an ASCII character; should this be the case and the user desire bdes not to reset the parity bit, the option -p will force the parity bit to be used as typed.
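
The key rules of this section as a runnable Python sketch (an added example, not bdes source code). The names parse_key, odd_parity, bit_vector_key, des_key_bits and distinct_values_per_char are hypothetical, and zero-filling an ASCII key shorter than 8 characters is an assumption the note does not spell out.

```python
HEX_DIGITS = "0123456789abcdefABCDEF"
BIN_DIGITS = "01"


def odd_parity(ch: int) -> int:
    """Force odd parity: the high-order bit is derived from the low 7 bits,
    so whatever parity bit was typed is ignored."""
    low7 = ch & 0x7F
    return low7 | (0x80 if bin(low7).count("1") % 2 == 0 else 0)


def bit_vector_key(digits: str, alphabet: str, base: int, width: int) -> bytes:
    """Hex (width 16) or binary (width 64) key: only the leading 64 bits are
    used, a short key is right-filled with 0 bits, parity is left untouched."""
    if any(d not in alphabet for d in digits):
        raise ValueError("invalid digit in bit vector key")
    return int(digits[:width].ljust(width, "0"), base).to_bytes(8, "big")


def parse_key(arg: str, keep_parity: bool = False) -> bytes:
    """Map a command-line key argument to the 8 key bytes handed to DES.

    keep_parity=True models the -p option: ASCII characters are used as typed.
    """
    prefix, rest = arg[:2].lower(), arg[2:]
    if prefix == "0x":
        return bit_vector_key(rest, HEX_DIGITS, 16, 16)
    if prefix == "0b":
        return bit_vector_key(rest, BIN_DIGITS, 2, 64)
    raw = arg.encode("latin-1")[:8]
    if not keep_parity:
        raw = bytes(odd_parity(b) for b in raw)
    # Assumption: a short ASCII key is right-filled with zero bytes.
    return raw.ljust(8, b"\0")


def des_key_bits(key: bytes) -> bytes:
    """The 7 bits of each key byte that DES uses (the low-order bit is discarded)."""
    return bytes(b >> 1 for b in key)


def distinct_values_per_char(keep_parity: bool) -> int:
    """How many different 7-bit DES inputs the 128 ASCII characters can produce."""
    seen = set()
    for ch in range(128):
        byte = ch if keep_parity else odd_parity(ch)
        seen.add(byte >> 1)
    return len(seen)


if __name__ == "__main__":
    print(parse_key("abcdefgh").hex())              # ASCII key, odd parity applied
    print(parse_key("0x6162636465666768").hex())    # hex key, used as is
    # 64 values per character gives 2^48 keys; 128 per character gives 2^56.
    print(distinct_values_per_char(True), distinct_values_per_char(False))
```

With the parity bit left at 0, "abcdefgh" and "abcdefgi" reach DES as the same key, because they differ only in the discarded low-order bit; with odd parity applied they do not.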

4. Encryption Output Representation

All modes of the DES output ciphertext in blocks; the size of the block is 64 bits (8 bytes) for ECB and CBC modes, and bits for the -bit CFB and OFB modes, and there are as many output blocks as input blocks. However, as the length of the input is usually not a multiple of the block size, some padding is necessary; but as padding must be done by appending characters, these characters must be distinguished from the input characters somehow. The mechanism used is that the last character of the (decrypted) last block is the (integer) number of characters from the input in the last block.

For example, suppose inputf contains “This test↵”, and it is encrypted in CBC mode using the key “abcdef#@” and the initialization vector ; the command is

    bdes -k abcdef#@ <

as CBC is the default encryption mode and the default initialization vector:

Notice that the text is 15 characters long, so there are 7 bytes following the last full block. bdes pads this to a full block by appending one byte containing the ASCII character with numeric value 7 (the ASCII character <>). The result is then encrypted.

As another example, suppose inputf contains “”, and it is encrypted in ECB mode using the key “abcdef#@”; the command is

    bdes -b -k abcdef#@ <

because the option -b signifies ECB mode:

Finally, if the length of the message is indeed a multiple of the block size, an extra block of all 0 bits is added. Suppose inputf contains “”, and it is encrypted in 40-bit CFB mode using the key “abcdef#@” and the initialization vector 0x0123456789abcdef

    bdes -f40 -v0x0123456789abcdef -kabcdef#@ < inputf > outputf

because the option -f40 signifies 40-bit CFB mode, and -v0x0123456789abcdef sets the initialization vector (note that spaces between the option and its argument are optional):

Note here the block size is 40 bits (5 bytes), not 64 bits (8 bytes).

This technique allows complete compatibility with Sun’s program. In Sun’s implementation, padding is done with random bytes rather than bytes containing all zero bits. Cryptographically, this makes no difference, as the DES is a sufficiently good random cipher to obscure the input (see for example [2], Chapter 6), and known plaintext attacks are very difficult [1].

5. Differences Between the Standard CFB and OFB Modes and bdes

The UNIX operating system treats all files as streams of 8-bit bytes. In order to implement the CFB and OFB modes properly, it would be necessary to read bits from the file, where is an integer between 1 and 64 inclusive. However, this would require considerable buffering and be quite inefficient and prohibitively slow. For these reasons, the current implementation of bdes requires that be a multiple of 8, so that an integral number of bytes will always be read from the file. Other than this change, this mode is implemented as described in [3].

A similar observation holds for the alternate CFB mode described in [3]. Here, only the low 7 bits of each byte are significant, and hence the parameter k is an integer from 1 to 56 inclusive; bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption, but output (whether from encryption or decryption) always has the high-order bit set to zero.

6. Message Authentication Code Modes

The Data Encryption Standard provides two modes of authentication, each providing between 1 and 64 bits of authentication data. In both cases an -bit message authentication code (MAC) is generated, where 1 64. The first is based on the CBC encryption mode, and the second on CFB mode. Both work the same.

First, the file is padded to a multiple of the block size by appending enough zero bits. It is then encrypted using the standard CBC (or CFB) algorithm, but all encrypted text is discarded except for the last block. The leading bits of the last block are used as the MAC. Note that the block size constrains the number of bits available as the MAC.

The implementation allows the user to specify that the MAC is to be computed in either CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However, because the UNIX operating system can only output bits in multiples of 8, if the number of bits of MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits necessary to make the MAC length be a multiple of 8. However, note that as the standard ([3], Appendix F) requires an incomplete final block be right-padded with zeroes, the technique of forcing the last octet to contain the number of bytes in the message is not used here.

For example, suppose inputf contains “This test↵”, and a 64-bit MAC is to be generated using CBC mode, the key “abcdef#@” and the initialization vector ; the command is

    bdes -m 64 -k abcdef#@ <

as CBC is the default encryption mode and the default initialization vector:

Notice that the text is 15 characters long, so there are 7 bytes following the last full block. bdes pads this to a full block by appending a zero-filled byte. The result is then encrypted and the last block of output is used as the MAC.

As another example, suppose we used the same text, and wanted a 36-bit MAC to be generated using 40-bit CFB mode, the key “abcdef#@” and the initialization vector 0x0123456789abcdef; the command is

    bdes -m 36 -f 40 -v 0x0123456789abcdef <

-m 36 is the option to generate a 36-bit MAC, -f 40 indicates 40-bit CFB is to be used, and -v 0x0123456789abcdef sets the initialization vector. Note that, as the key is not given on the command line, the user will be prompted for it. It gives:

Note that the MAC is padded on the right by four zero bits to produce five characters that can be output.
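
The padding rules of sections 4 and 6 as a runnable Python sketch (an added example, not bdes source code). The DES step itself is left out, the function names are hypothetical, and the 15-byte sample text is constructed.

```python
SAMPLE = b"This is a test\n"  # constructed 15-byte input


def pad_for_encryption(data: bytes, block: int = 8) -> bytes:
    """Zero-fill the final block; its last byte is the count of input bytes in it.

    Input that is already a multiple of the block size gets an extra block of
    all 0 bits, because the count stored in that block is 0.
    """
    tail = len(data) % block
    return data + bytes(block - tail - 1) + bytes([tail])


def unpad_after_decryption(plain: bytes, block: int = 8) -> bytes:
    """Recover the input from decrypted blocks; only the last byte is trusted,
    so zero fill and random fill are both accepted."""
    if not plain or len(plain) % block:
        raise ValueError("decrypted data is not a whole number of blocks")
    count = plain[-1]
    if count >= block:
        raise ValueError("count byte is not smaller than the block size")
    return plain[: len(plain) - block + count]


def pad_for_mac(data: bytes, block: int = 8) -> bytes:
    """MAC modes: right-pad an incomplete final block with zero bits, no count byte."""
    return data + bytes(-len(data) % block)


def mac_bytes(last_block: bytes, nbits: int) -> bytes:
    """Leading nbits of the last ciphertext block, right-padded with zero bits
    to a whole number of bytes for output."""
    if not 1 <= nbits <= 8 * len(last_block):
        raise ValueError("MAC length exceeds the block size")
    nbytes = (nbits + 7) // 8
    out = bytearray(last_block[:nbytes])
    out[-1] &= (0xFF << (nbytes * 8 - nbits)) & 0xFF
    return bytes(out)


if __name__ == "__main__":
    # 15 bytes, 64-bit blocks: 7 bytes in the last block, so the pad is one byte 07.
    print(pad_for_encryption(SAMPLE).hex(" "))
    # 10 bytes, 40-bit CFB (5-byte blocks): an extra all-zero block is appended.
    print(pad_for_encryption(b"0123456789", block=5).hex(" "))
    # 36-bit MAC from a 5-byte block: low four bits of the fifth byte are zeroed.
    print(mac_bytes(bytes.fromhex("ffffffffff"), 36).hex())
    # Without a count byte, trailing zero bytes inside the last block are not
    # distinguished, so these two inputs yield the same MAC.
    print(pad_for_mac(b"abc") == pad_for_mac(b"abc\x00"))
```

A decoder written this way also reads files whose fill bytes are random rather than zero, which is the interoperability property section 4 relies on.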

7. Differences Between bdes and Sun’s DES Implementation

The program bdes is designed to be completely compatible with Sun Microsystems, Inc.’s implementation of the Data Encryption Standard, called and described in [4]. Thus, files encrypted using can be decrypted using , and vice versa, provided modes common to both are used. However, bdes does not allow files to be named on the command line, nor does it support hardware devices (and so the and options of Sun’s are not available). Further, as encryption is the default, the Sun option is not recognized. As the manual page to bdes is in the appendix, these differences will not be elaborated upon further.

supports the use of special-purpose hardware to encrypt and decrypt. Although bdes does not directly support the use of such hardware, it uses the library routine encrypt(3), which may. Hardware support was not included directly to support as large a number of platforms as possible with installers needing to know as little about the hardware as possible.

Sun’s supports only the CBC and ECB encryption modes; bdes supports all modes described in [3] (although CFB and OFB are not completely supported) as well as both CBC-based and CFB-based MACs.

Although input with length not a multiple of the block size is handled in the same way by and bdes, different values of the padding bytes are used in all but the last byte of the input. bdes puts zero bytes, puts bytes containing random values. The reason for Sun’s doing so is to prevent a known plaintext attack on the file should an attacker determine that the input’s length were a multiple of the block size. With bdes, the plaintext contents of the last block of input for such a file is known (a block with all bits zero). With , the plaintext contents of that block are not known. Cryptanalytically, given the information about the strength of the DES currently known, it is widely believed that known plaintext attacks are infeasible (see for example [1]) and so initializing and invoking the pseudorandom number generator seems unnecessary. But this means that ciphertexts produced from a plaintext by differ in the last block.

[1] D. Denning, “The Data Encryption Standard: Fifteen Years of Public Scrutiny,” Proceedings of the Sixth Annual Computer Security Applications Conference pp. x–xv (Dec. 1990).
[2] Cryptography: A Primer, Wiley and Sons, Inc., New York, NY (1981).
[3] DES Modes of Operation, Federal Information Processing Standards Publication 81, National Bureau of Standards, U.S. Department of Commerce, Washington, DC (Dec. 1980).
[4] Sun Microsystems Inc., Mountain View, CA (Mar. 1988).
Appendix. The UNIX System Manual Page for bdes

bdes - encrypt/decrypt using the Data Encryption Standard

DESCRIPTION

bdes reads from the standard input and writes on the standard output. It implements all DES modes of operation described in FIPS PUB 81 including alternative cipher feedback mode and both authentication modes. All modes but the electronic code book mode require an initialization vector; if none is supplied, the zero vector is used. To protect the key and initialization vector from being read by ps(1), bdes hides its arguments on entry. If no key is given, one is requested from the controlling terminal if that can be opened, or from the standard input if not.

The key and initialization vector are taken as sequences of ASCII characters which are then mapped into their bit representations. If either begins with '0x' or '0X', that one is taken as a sequence of hexadecimal digits indicating the bit pattern; if either begins with '0b' or '0B', that one is taken as a sequence of binary digits indicating the bit pattern. In either case, only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is not entered on the command line, it is interpreted in the same way, because with 4.4 BSD, the password reading function getpass(3) allows enough characters for either hex or binary keys to be entered.

According to the DES standard, the low-order bit of each character in the key string is deleted. Since most ASCII representations set the high-order bit to 0, simply deleting the low-order bit effectively reduces the size of the key space from 2^56 to 2^48 keys. To prevent this, the high-order bit must be a function depending in part upon the low-order bit; so, the high-order bit is set to whatever value gives odd parity. This preserves the key space size. Note this resetting of the parity bit is not done if the key is given in binary or hex.

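The key handling described above, as an added example in C that is not bdes source code: it maps a typed key string to the 64-bit key, honoring the 0x/0b prefixes and resetting parity only for ASCII keys. The names make_key, ascii_only and keep_parity are hypothetical, and giving the zero padding bytes of a short ASCII key odd parity as well is an assumption.

```c
#include <ctype.h>
#include <string.h>

/* ASCII keys: set bit 7 so every key byte has an odd number of 1 bits.
 * Assumption: the zero bytes padding a short key are treated the same way. */
static void set_odd_parity(unsigned char key[8])
{
    for (int i = 0; i < 8; i++) {
        int ones = 0;
        for (int b = 0; b < 7; b++)               /* count the 7 ASCII bits */
            ones += (key[i] >> b) & 1;
        key[i] = (unsigned char)((key[i] & 0x7f) | ((ones & 1) ? 0x00 : 0x80));
    }
}

/* Pack hex (width 4) or binary (width 1) digits into the leading bits of
 * key. Missing trailing bits stay 0; digits past 64 bits are ignored. */
static int pack_digits(const char *s, int width, unsigned char key[8])
{
    for (int pos = 0; *s && pos + width <= 64; s++, pos += width) {
        int c = tolower((unsigned char)*s), v;
        if (isdigit(c)) v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else return -1;
        if (v >= (1 << width)) return -1;         /* e.g. '2' in a binary key */
        for (int b = 0; b < width; b++)           /* most significant bit first */
            if (v & (1 << (width - 1 - b)))
                key[(pos + b) / 8] |= (unsigned char)(0x80 >> ((pos + b) % 8));
    }
    return 0;
}

/* Build the 64-bit key from the typed string. ascii_only and keep_parity are
 * hypothetical parameters standing in for the two flags the manual page
 * describes. Returns 0 on success, -1 on an invalid hex or binary digit. */
int make_key(const char *s, int ascii_only, int keep_parity, unsigned char key[8])
{
    memset(key, 0, 8);
    if (!ascii_only && s[0] == '0' && (s[1] == 'x' || s[1] == 'X'))
        return pack_digits(s + 2, 4, key);        /* parity bits left as typed */
    if (!ascii_only && s[0] == '0' && (s[1] == 'b' || s[1] == 'B'))
        return pack_digits(s + 2, 1, key);
    size_t n = strlen(s);
    memcpy(key, s, n < 8 ? n : 8);                /* short keys are 0-padded */
    if (!keep_parity)
        set_odd_parity(key);
    return 0;
}
```
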
By default, the standard input is encrypted using cipher block chaining mode and is written to the standard output. Using the same key for encryption and decryption preserves plain-

 < plaintext | bdes -i

is a very expensive equivalent of

The key and initialization vector strings are to be taken as ASCII suppressing the special interpretation given to leading '0x', '0X', '0b', and '0B' characters. Note this flag applies to the key and initialization vector.

Use electronic code book mode.

Decrypt the input.

-bit cipher feedback mode. Currently must be a multiple of 8 between 8 and 64 inclusive (this does not conform to the standard CFB mode specification).

-bit alternative cipher feedback mode. Currently must be a multiple of 7 between 7 and 56 inclusive (this does not conform to the alternative CFB mode specification).

Use the string as the cryptographic key. If this argument is not given, the user will be prompted for the key.

Compute a message authentication code (MAC) of bits on the input. must be between 1 and 64 inclusive; if is not a multiple of 8, enough 0 bits will be added to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs are only available in cipher block chaining mode or in cipher feedback mode.

-bit output feedback mode. Currently must be a multiple of 8 between 8 and 64 inclusive (this does not conform to the OFB mode specification).

Disable the resetting of the parity bit. This flag forces the parity bit of the key to be used as typed, rather than making each character be of odd parity. It is used only if the key is given in ASCII.

Set the initialization vector to ; the vector is interpreted in the same way as the key. The vector is ignored in electronic codebook mode.

The DES is considered a very strong cryptosystem, and other than table lookup attacks, key search attacks, and Hellman's time-memory tradeoff (all of which are very expensive and time-consuming), no cryptanalytic methods for breaking the DES are known in the open literature. No doubt the choice of keys and key security are the most vulnerable aspect of

IMPLEMENTATION NOTES

For implementors wishing to write software compatible with this program, the following notes are provided. This software is completely compatible with the implementation of the data encryption standard distributed by Sun Microsystems, Inc.

In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes, also called a block). To ensure that the plaintext file is encrypted correctly, bdes will (internally) append from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that final block are from the plaintext file, and encrypt the resulting block. Hence, when decrypting, the last block may contain from 0 to 7 characters present in the plaintext file, and the last byte tells how many. Note that if during decryption the last byte of the file does not contain an integer between 0 and 7, either the file has been corrupted or an incorrect key has been given. A similar mechanism is used for the OFB and CFB modes, except that those simply require the length of the input to be a multiple of the mode size, and the final byte contains an integer between 0 and one less than the number of bytes being used as the mode. (This was another reason that the mode size must be a multiple of 8 for those modes.)

Unlike Sun's implementation, unused bytes of that last block are not filled with random data, but instead contain what was in those byte positions in the preceding block. This is quicker and more portable, and does not weaken the encryption significantly.

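An added example in C (not bdes source code) of the final-block format described above, leaving out the DES step: it builds the padded buffer and recovers the plaintext length, rejecting a count byte that is out of range. The function names are hypothetical; unit is 8 for ECB and CBC or the mode size in bytes (1 to 8) for CFB and OFB, and both copying filler from the preceding plaintext unit and using zeros when no preceding unit exists are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Copy in[0..len) to out and append the final unit: the leftover plaintext
 * bytes, filler, and a last byte counting the leftover bytes. unit is 8 for
 * ECB/CBC, or the mode size in bytes (1..8) for CFB/OFB. out needs
 * len + unit bytes. Returns the padded length, a multiple of unit. */
size_t pad_plaintext(const unsigned char *in, size_t len, size_t unit,
                     unsigned char *out)
{
    size_t used = len % unit;             /* plaintext bytes in the final unit */
    size_t full = len - used;             /* bytes in complete units */
    memcpy(out, in, len);
    for (size_t i = used; i + 1 < unit; i++)
        /* filler: the same byte position of the preceding unit;
         * assumption: zero when there is no preceding unit */
        out[full + i] = full ? out[full - unit + i] : 0;
    out[full + unit - 1] = (unsigned char)used;   /* count byte */
    return full + unit;
}

/* Plaintext length of a decrypted buffer, or -1 when the count byte is out
 * of range, meaning a corrupted file or an incorrect key. */
long unpad_length(const unsigned char *buf, size_t len, size_t unit)
{
    if (len == 0 || len % unit != 0)
        return -1;
    size_t used = buf[len - 1];
    if (used >= unit)
        return -1;
    return (long)(len - unit + used);
}
```

An input whose length is already a multiple of the unit still gains a whole extra unit, which is the case the known-plaintext discussion in the paper turns on.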
If the key is entered in ASCII, the parity bits of the key characters are set so that each key character is of odd parity. Unlike Sun's implementation, it is possible to enter binary or hexadecimal keys on the command line, and if this is done, the parity bits are not reset. This allows testing using arbitrary bit patterns as keys.

The Sun implementation always uses an initialization vector of 0 (that is, all zeroes). By default, bdes does too, but this may be changed from the command line.

controlling terminal for typed key

(1),

Data Encryption Standard, Federal Information Processing Standard #46, National Bureau of Standards, U.S. Department of Commerce, Washington DC (Jan. 1977).

DES Modes of Operation, Federal Information Processing Standard #81, National Bureau of Standards, U.S. Department of Commerce, Washington DC (Dec. 1980).

Dorothy Denning, Cryptography and Data Security, Addison-Wesley Publishing Co., Reading, MA ©1982.

Matt Bishop, "Implementation Notes on bdes(1)", Technical Report PCS-TR-91-158, Department of Mathematics and Computer Science, Dartmouth College, Hanover, NH (Apr

Certain specific keys should be avoided because they introduce potential weaknesses; these keys, called the weak and semiweak keys, are (in hex notation, where is either or , and is either

0x0p0p0p0p0p0p0p0p    0x0p1P0p1P0p0P0p0P
0x0pep0pep0pfp0pfp    0x0pfP0pfP0pfP0pfP
0x1P0p1P0p0P0p0P0p    0x1P1P1P1P0P0P0P0P
0x1Pep1Pep0Pfp0Pfp    0x1PfP1PfP0PfP0PfP
0xep0pep0pfp0pfp0p    0xep1Pep1pfp0Pfp0P
0xepepepepepepepep    0xepfPepfPfpfPfpfP
0xfP0pfP0pfP0pfP0p    0xfP1PfP1PfP0PfP0P
0xfPepfPepfPepfPep    0xfPfPfPfPfPfPfPfP

The weakness of these keys is inherent in the DES algorithm (see for example Moore and Simmons, "Cycle structure of the DES with weak and semi-weak keys," Advances in Cryptology – Crypto '86 Proceedings, Springer-Verlag New York, ©1987, pp. 9-32).

There is a controversy raging over whether the DES will still be secure in a few years. The advent of special-purpose hardware could reduce the cost of any of the methods of attack named above so that they are no longer computationally infeasible.

Programs which display programs' arguments may compromise the key and initialization vector if they are specified on the command line. To avoid this bdes overwrites its arguments. However, the obvious race cannot currently be avoided.

As the key or key schedule is kept in memory throughout the run of this program, the encryption can be compromised if memory is readable.

There is no warranty of merchantability nor any warranty of fitness for a particular purpose nor any other warranty, either express or implied, as to the accuracy of the enclosed materials or as to their suitability for any particular purpose.

Accordingly, the user assumes full responsibility for their use. Further, the author assumes no obligation to furnish any assistance of any kind whatsoever, or to furnish any additional information or documentation.

Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth College, Hanover, NH 03755

Electronic mail addresses:
Internet: Matt.Bishop@dartmouth.edu
UUCP: decvax!dartvax!Matt.Bishop