des_is_weak_key man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

des_crypt(3)							  des_crypt(3)

       des_crypt,     des_string_to_key,    des_is_weak_key,	des_key_sched,
       des_quad_cksum - Data Encryption Standard (DES) encryption library rou‐
       tines (Auth)

       #include <des.h>

       int des_string_to_key(
	       char *str,
	       C_Block *key ); int des_is_weak_key(
	       C_Block key ); unsigned long des_quad_cksum(
	       unsigned char *input,
	       unsigned long *output,
	       long length,
	       int iterations,
	       C_Block *seed ); int des_key_sched(
	       C_Block key,
	       Key_schedule schedule );

       If  you	are  using  the	 SSL rather than the DSL library routines, see
       des(3)	for   information   on	 des_key_sched(),   des_is_weak_key(),
       des_quad_cksum(), and des_string_to_key().

       For  des_string_to_key(),  key  is  a  pointer  to  a C_Block of 8-byte
       length.	For des_quad_cksum(), des_is_weak_key(), and  des_key_sched(),
       key is a pointer to a DES key.  A string that is converted to an 8-byte
       DES key.	 Pointer to a block of data  to	 which	a  quadratic  checksum
       algorithm is applied.  Pointer to a pre-allocated buffer that will con‐
       tain the complete output from the quadratic  checksum  algorithm.   For
       each  iteration	of  the quadratic checksum applied to the input, eight
       bytes (two longwords) of data are generated.  Length  of	 the  data  to
       which  the quadratic checksum algorithm will be applied.	 If input con‐
       tains more than length bytes of data, then the quadratic checksum  will
       only  be applied to length bytes of input.  The number of iterations of
       the des_quad_cksum() algorithm to apply to input.  If output  is	 NULL,
       then one iteration of the algorithm will be applied to input, no matter
       what the value of iterations is.	 The maximum number of	iterations  is
       four.   An  8-byte  quantity  used  as  a  seed	to  the	 input	of the
       des_quad_cksum() algorithm.  A representation of a DES key  in  a  form
       more  easily  used  with encryption algorithms.	It is used as input to
       the krb_sendmutual() routines.

       The des_crypt() routines are designed to provide the cryptographic rou‐
       tines   which   are   used  to  support	authentication.	 Specifically,
       des_quad_cksum() and des_key_sched() are designed to be used  with  the
       DES  key which is shared between one Kerberos principal and its authen‐
       ticated peer to provide an easy authentication method after the initial
       Kerberos	     authentication	pass.	   des_string_to_key()	   and
       des_is_weak_key() are designed to enable the input and inspection of  a
       key  by a user before that key is used with the Kerberos authentication
       routines.  The  des_crypt()  routines  are  not	designed  for  general

       The  library  makes  extensive  use  of	the locally defined data types
       C_Block and Key_schedule. The C_Block struct is an 8-byte block used by
       the various routines of the des_crypt() library as the fundamental unit
       for DES data and keys.

       Converts a null-terminated string of arbitrary  length  to  an  8-byte,
       odd-byte-parity DES key. The str argument is a pointer to the character
       string to be converted and key points to	 a  C_Block  supplied  by  the
       caller to receive the generated key.  The one-way function used to con‐
       vert the string to a key makes it very difficult for anyone  to	recon‐
       struct  the  string  from  the  key.   No meaningful value is returned.
       des_is_weak_key() checks a new key input by a user to determine	if  it
       belongs	to  the	 well  known set of DES keys which do not provide good
       cryptographic  behavior.	 If   a	  key	passes	 the   inspection   of
       des_is_weak_key(),  then	 it can be used with the des_quad_cksum() rou‐
       tine. The input is a DES key and the output is equal to 1 if the key is
       not a safe key to use; it is equal to 0 if it is safe to use.  Produces
       a  checksum  by	chaining  quadratic  operations	 on  cleartext	 data.
       des_quad_cksum()	 can  be  used	to produce a normal quadratic checksum
       and, if used with the DES key shared between two authenticated Kerberos
       principals,  it	can  also provide for the integrity and authentication
       protection of data sent from one principal to another.

	      Input of length bytes are run through the des_quad_cksum()  rou‐
	      tine iterations times to produce output.	If output is NULL, one
	      iteration is performed and output is not affected. If output  is
	      not  NULL,  the  quadratic  checksum algorithm will be performed
	      iterations times on input, placing eight bytes  (two  longwords)
	      of  result in output for each iteration.	At all times, the low-
	      order bits of the last quadratic	checksum  algorithm  pass  are
	      returned by des_quad_cksum().

	      The  quadratic  checksum	algorithm performs a checksum on a few
	      bytes of data and feeds the result  into	the  algorithm	as  an
	      addition	input  to the checksum on the next few bytes. The seed
	      serves as the additional input for the first checksum  operation
	      and, therefore, the final checksum that results depends upon the
	      seed input into the algorithm.  If the DES  key  shared  between
	      two  Kerberos principals is used as the initial seed, then since
	      the checksum that results depends upon the seed, the ability  to
	      produce  the checksum proves identity and authentication.	 Also,
	      since the message cannot be altered  without  knowledge  of  the
	      seed,  it	 also provides for data integrity.  des_key_sched() is
	      used to convert the key input into a new format that can be used
	      readily with encryption functions.  The result, schedule, can be
	      used  with  the  krb_sendmutual()	 functions  to	enable	mutual
	      authentication of two Kerberos principals.

	      A	 0  is	returned  from des_key_sched() if successful.  A -1 is
	      returned if the each byte of the key does not have  odd  parity.
	      A	 -2  is	 returned  if  the  key	 is  a	weak key as defined by


List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net