The Data Encryption Standard (DES) was established by the National Institute of Standards and Technology (NIST). DES is described in Federal Information Processing Standards (FIPS) Publication 46-3. DES is authorized for encrypting unclassified, but sensitive, U.S. Government information. DES may be, and has been, used in commercial cryptographic applications.
DES is an encoding, or cryptographic, algorithm which requires a cryptographic key that is 64 binary bits in length. A binary bit (hereinafter referred to as a bit) is a bit that may only take on one of two values, 0 or 1.
DES uses the same key for both encryption and decryption. Such a key is commonly referred to as a symmetric key. Each 64-bit DES key consists of 56 randomly generated bits and 8 parity bits.
A 64-bit DES key is partitioned into 8 8-bit segments. An 8-bit segment is commonly referred to as a byte. Each byte of a DES key consists of 7 randomly generated bits and 1 parity bit.
Parity is the function of making the total number of ones in a segment of bits either even or odd. If the parity bit makes the number of ones in a segment even then the parity of the segment is referred to as even parity. If the parity bit makes the number of ones in a segment odd then the parity of the segment is referred to as odd parity. DES requires odd parity. Therefore, to generate a DES key, 56 bits must be randomly generated, divided into 8 7-bit segments, and have an odd-parity bit generated for each of the 8 7-bit segments.
To insure that the content of an encrypted message is not revealed to an unintended person, the cryptographic key used to encrypt the message must not be known by the unintended person. The degree of difficulty of an unintended person to determine a cryptographic key that was not given to the person is a measure of the strength of the key. A strong key is not easily determined by one who is not given the key. A weak key is more easily determined by one who is not given the key. Weak keys result when the bits that are supposed to be random are either not random or exhibit a pattern that repeats. Each of these flaws reduces the amount of effort an unintended person must expend to determine the key.
In DES, a second encryption of a previously encrypted message, where the same key is used for both encryptions, should not result in the decryption of the encrypted message. In DES, subsequent encryptions should further encrypt the message. However, there are four keys for which a second encryption using the same key acts as decryption. Per FIPS Publication 74, paragraph 3.6, the four DES keys in hexadecimal (one hexadecimal bit represents 4 binary bits) are 0101010101010101, FEFEFEFEFEFEFEFE; E0E0E0E0E0E0E0E0; and 1F1F1F1F1F1F1F1F. In addition DES encryption should never perform the same function as DES decryption. However, FIPS Publication 74, paragraph 3.6, lists 12 DES keys for which there exists keys that can be used with DES encryption to mimic DES decryption. The 12 keys are E001E001F101F101; FE1FFE1FFE0EFE0E; EO1FE01FF10EF10E; 01FE01FE01FE01FE; 011F011F010E010E; E0FEE0FEF1FEF1FE; 01E001E001F101F1; 1FFE1FFE0EFEOEFE; 1FE01EF10EF1; FE01FE01FE01FE01; 1F011F010E010E01; and FEE0FEE0FEF1FEF1. These sixteen keys should be avoided when using DES.
U.S. Pat. No. 5,323,464, entitled “COMMERCIAL DATA MASKING,” discloses a device for and method of modifying DES keys in such a manner that would make the result exportable from the United States. DES was not exportable at the time U.S. Pat. No. 5,323,464 was filed. The present invention does not modify DES keys, as does U.S. Pat. No. 5,323,464. U.S. Pat. No. 5,323,464 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 6,157,723, entitled “METHOD AND APPARATUS FOR SECURE COMMUNICATIONS WITH ENCRYPTION KEY SCHEDULING,” discloses a device for and method of selecting cryptographic keys from a list of keys based on specific time periods. The present invention does not select cryptographic keys based on time periods, as does U.S. Pat. No. 6,157,723. U.S. Pat. No. 6,157,723 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 6,292,896, entitled “METHOD AND APPARATUS FOR ENTITY AUTHENTICATION AND SESSION KEY GENERATION,” discloses a device for and method of generating a cryptographic key using a shared secret with another party, time-dependent information shared with the other party, and a key weakening function. The present invention does not use time-dependent information or a key weakening function, as does U.S. Pat. No. 6,292,896. U.S. Pat. No. 6,292,896 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. No. 2003/0112970 A1, entitled “HOW TO GENERATE UNBREAKABLE KEY THROUGH ANY COMMUNICATION CHANNEL,” discloses a device for and method of generating a cryptographic key by using a key exchange method with a double encrypted key. The present invention does not use a key-exchange method with a double encrypted key. U.S. Appl. Pat. No. 2003/0112970 is hereby incorporated by reference into the specification of the present invention.