krb5-devel-1.2.7-1.4.91mdk.ppc.rpm

For inclusion into RFC 1510
---------------------------
The assigned encryption type designating the use of triple DES is 5.

The assigned checksum type designating the use of an MD5 checksum
encrypted with triple DES keys is 9.

Triple DES is implemented using three DES keys.  A 3-DES Electronic
Codebook (3-DES ECB) encryption of an eight-octet data block is done by
performing a DES ECB encryption of the block with the first DES key, a
DES ECB decryption of the resulting data block with the second key, and
a DES ECB encryption of that result with the third key.

The encryption of a data stream in Cipher Block Chaining mode is
accomplished by eXclusive-ORing each eight-octet data block with the
cipher text computed from the previous data block, and then performing a
3-DES ECB encryption.  The first data block is eXclusive-ORed with an
initial vector, which is commonly zero, before the 3-DES ECB encryption
is performed.

The string-to-key algorithm used to convert a user's password into a
3-DES key is a one-way function that distributes the user's input evenly
over the resulting key.  The salt information (typically the realm name)
is appended to the user's input, and the result is 168-folded to produce
three DES keys sans parity.  The 168 bits are then expanded to include
odd parity, for use within the DES routines.  If any of the keys are
weak or semi-weak, they are strengthened by eXclusive-ORing the
questionable key with the constant 00000000000000F0.  The three DES keys
are then used to encrypt themselves in 3-DES CBC mode with a zero
initial vector.  This result is once again encrypted using the same keys
and key schedule, with an initial vector of the last eight octets of
that result.  The result is then parity adjusted.  If the final result
yields weak or semi-weak keys, they are also strengthened in the same
manner as the input keys.

The n-fold operation used by the string-to-key algorithm replicates the
input bit array X until its length is the least common multiple of n
bits and the length of X.  Before each replication, the input is
circularly rotated to the right by 13 bit positions.  The successive
n-bit chunks of the resulting bit array are then added together with
end-around carry to yield an n-bit result.  The first bit position in
the arrays is treated as the most significant bit.

Glossary
--------
n-fold
   To n-fold a bit array X into n bits, replicate the input value to a length
   that is the least common multiple of n bits and the length of X.  Before
   each successive repetition, circularly rotate the input X to the right by
   13 bit positions.  The successive n-bit chunks are added together (where
   the first bit is the most significant bit) with end-around carry (that is,
   adding the carry result from the most significant bits to the least
   significant bits) to yield an n-bit result.

Triple-DES ECB mode:
   Three DES keys are used in turn to perform a DES ECB encryption of an
   eight-octet data block with the first key, followed by a DES ECB
   decryption of the resulting data block with the second key, followed
   by a DES ECB encryption of the resulting data block with the last key.

Triple-DES CBC mode:
   An input data stream is padded on the right by zeroes to an eight-octet
   boundary.  The first eight octet block is eXclusive-ORed with an initial
   vector eight-octet block.  This result is triple-DES ECB encrypted with
   three DES keys.  Subsequent eight-octet data blocks are eXclusive-ORed
   with the cipher text produced from the 3-DES ECB encryption of the previous
   block and then the data block is 3-DES ECB encrypted with the same DES keys.

Triple-DES String to key computation:
   The input string (appended with any salt data) is 168-folded into a 21 octet
   (168 bit) string.  Each successive set of 7 octets is treated as a DES key
   sans parity.  The DES keys are then adjusted to include parity by computing
   a parity bit for each successive seven bits to form eight octets.
   The resulting DES keys including parity are then used to encrypt themselves
   using Triple-DES CBC encryption with a zero initial vector.  The result
   is then adjusted for parity to produce three valid DES keys.  Each key is
   checked for weakness, and if it is determined to be weak or semi-weak, the
   first octet of each weak key is eXclusive-ORed with the value 0xF0.
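The n-fold operation (defined twice above, in the body and in the glossary) and the key-preparation steps of the Triple-DES string-to-key computation, as an added worked example in Python.  This is not code from the krb5 distribution that ships this document; function names and the sample realm "EXAMPLE.REALM" are the example's own.  It implements n-fold exactly as defined here (13-bit right rotation before each replication, n-bit chunks summed with end-around carry, first bit most significant), the expansion that gives each successive seven bits an odd-parity bit, and weak/semi-weak key strengthening.  The strengthening applies the 64-bit constant 00000000000000F0 named in the body text, which modifies the last octet; the glossary entry says "first octet", so an implementer should check which octet the reference code actually changes before relying on either wording.  The two 3-DES CBC self-encryption passes are the one step not shown, because the Python standard library has no DES; `finalize_des3_keys` takes the 24 octets that step produces and applies the final parity adjustment and strengthening.  The n-fold test vectors in the `__main__` block are from RFC 3961, Appendix A.1, which specifies the same n-fold.

```python
from math import gcd


def rotate_right(value: int, width: int, shift: int) -> int:
    """Circularly rotate a width-bit integer right by shift bits."""
    shift %= width
    mask = (1 << width) - 1
    return ((value >> shift) | (value << (width - shift))) & mask


def nfold(data: bytes, n_bits: int) -> bytes:
    """n-fold a byte string into n bits (n a multiple of 8).

    The input is replicated to lcm(n, len) bits, rotated right by 13 bits
    before each replication; the n-bit chunks are then summed with
    end-around carry.  Big-endian integers make the first bit the MSB."""
    if n_bits % 8 or not data:
        raise ValueError("n must be a multiple of 8 and the input non-empty")
    in_bits = len(data) * 8
    lcm = in_bits * n_bits // gcd(in_bits, n_bits)
    x = int.from_bytes(data, "big")
    folded = 0
    for i in range(lcm // in_bits):
        folded = (folded << in_bits) | rotate_right(x, in_bits, 13 * i)
    mask = (1 << n_bits) - 1
    total = 0
    for j in range(lcm // n_bits):
        total += (folded >> (j * n_bits)) & mask
    while total >> n_bits:  # end-around carry: fold overflow back into the low end
        total = (total & mask) + (total >> n_bits)
    return total.to_bytes(n_bits // 8, "big")


def odd_parity_octet(seven_bits: int) -> int:
    """Put seven key bits in the high bits of an octet; the low bit makes parity odd."""
    octet = seven_bits << 1
    if bin(octet).count("1") % 2 == 0:
        octet |= 1
    return octet


def expand_56_to_64(raw7: bytes) -> bytes:
    """Treat 56 bits as eight successive 7-bit groups, each gaining a parity bit."""
    bits = int.from_bytes(raw7, "big")
    return bytes(odd_parity_octet((bits >> (7 * (7 - i))) & 0x7F) for i in range(8))


def fix_parity(key8: bytes) -> bytes:
    """Re-derive the parity bit of every octet of an existing 8-octet DES key."""
    return bytes(odd_parity_octet(b >> 1) for b in key8)


def has_odd_parity(key8: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key8)


# The 4 weak and 12 semi-weak DES keys, in parity-adjusted form.
WEAK_KEYS = frozenset(bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE", "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101", "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
))

STRENGTHEN_CONSTANT = 0x00000000000000F0  # the constant named in the text


def strengthen(key8: bytes) -> bytes:
    """XOR a weak or semi-weak key with 00000000000000F0.  Parity survives,
    since exactly four bits of one octet are flipped."""
    if key8 in WEAK_KEYS:
        return (int.from_bytes(key8, "big") ^ STRENGTHEN_CONSTANT).to_bytes(8, "big")
    return key8


def des3_keys_before_self_encryption(password: str, salt: str) -> list:
    """168-fold password||salt, cut into three 7-octet keys, add parity, strengthen.
    These 24 octets are the plaintext for the two 3-DES CBC passes in the text
    (not implemented here: no DES in the standard library)."""
    raw = nfold((password + salt).encode(), 168)
    return [strengthen(expand_56_to_64(raw[7 * i:7 * i + 7])) for i in range(3)]


def finalize_des3_keys(ciphertext24: bytes) -> list:
    """Last step: parity-adjust the 24 octets from the second CBC pass and
    strengthen any key that came out weak or semi-weak."""
    if len(ciphertext24) != 24:
        raise ValueError("expected 24 octets")
    return [strengthen(fix_parity(ciphertext24[8 * i:8 * i + 8])) for i in range(3)]


if __name__ == "__main__":
    # n-fold vectors from RFC 3961, Appendix A.1 (same definition as above)
    assert nfold(b"012345", 64) == bytes.fromhex("be072631276b1955")
    assert nfold(b"password", 56) == bytes.fromhex("78a07b6caf85fa")
    # constructed sample: realm name used as salt
    for k in des3_keys_before_self_encryption("password", "EXAMPLE.REALM"):
        print(k.hex(), "odd parity:", has_odd_parity(k))
```

The all-zero 56-bit input is a useful edge case: `expand_56_to_64(bytes(7))` yields the weak key 0101010101010101, which `strengthen` turns into 01010101010101F1, still odd parity in every octet.  Likewise `fix_parity` alone can produce a semi-weak key (FF00FF00FF00FF00 becomes FE01FE01FE01FE01), which is why the text calls for the weakness check after the final parity adjustment as well.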