Information Security
DES (option 2)
Andrew Smith / Redfish Group LLC 7 Sep 2001 9:03PM ET
Hello,
I'm looking at plain DES encryption (option 2) and seem to be finding somewhat conflicting information. The Security Protocol Application Note appears to describe not just PGP-DES-MD5 and PEM-DES-MD5, but DES as well. For example, it says "... if the EncryptMethod is DES (i.e. option 2), the [LOGON] buffer is encrypted using the DES master key... the DES master key is used only for encrypting LOGON messages." If this app note is indeed the documentation for DES encryption, it seems to imply or state the following:
1. Logon message contains a SessionInfo struct in the RawData field.
2. Logon message is encrypted with master key in ECB mode (not stated, but implied since no initialization vector seems to be available at initial logon time.)
3. Non-logon messages are encrypted in CBC mode using the procedure given.
However, I've read postings in this forum that state for DES _all_ messages should be encrypted in ECB mode. The app note never mentions ECB mode.
So if anyone can help me with the following questions, I would certainly appreciate it.
1. Which is it - ECB only, ECB/CBC, or other?
2. If ECB only, which key is used for non-Logon messages, the master key or the key given in SessionInfo? If the SessionInfo key, what about the IVec? Should it be included but empty, or excluded? If the master key, should SessionInfo then not be included?
3. Also if ECB only, why? The app note seems to make sense and to be more secure.
Thanks for your help.
Andrew Smith