crypto(3) ?

[Torbjorn Tornkvist]

Thanx a lot Peter !
(I just got encrypted passwords with esmb to work.)

Cheers, Tobbe



peter@REDACTED wrote:

>Hi,  
>
>It is covered, but you have to use a special case of the des_cbc_encrypt/3
>function as follows (referring to the example in your letter below):
>
>  E(Ki,Dj) = crypto:des_cbc_encrypt(Ki, 0, Dj), i=0,Kmax, j=0,..Dmax,
>
>where Ki and Dj are 8 byte quantities (for each Ki only 7 bits are 
>considered).
>
>The des functions in `crypto' are for the Cipher Block Chaining (CBC)
>mode, where results of the previous encryption/decryption step is fed into
>the next step by the initializing vector, IV, but can be used for the 
>basic DES mode as well:
>
>If IV is set to zero (it is xored with the first 8 byte segment of input),
>and 8 byte is provided as input, you get the basic DES
>encryption/decryption of an 8 byte quantity.
>
>This is not at all obvious, but true. FIPS 81 states the details.
>
>/Peter
>
>
>On Thu, 4 Mar 2004, Torbjörn Törnkvist wrote:
>
>  
>
>>Hi,
>>
>>I've been comparing the crypto(3) man page with the CIFS  description
>>on how the (SMB) session key is computed, trying to understand if they
>>are the same. Perhaps someone (Peter ?) could comment on this?
>>
>>The CIFS explanation:
>> ------------------------------------
>>E(K, D) denote the DES block mode encryption function [FIPS 81] , which
>>accepts a seven byte key (K) and an eight byte data block (D) and produces
>>an eight byte encrypted data block as its value.
>>
>>Ex(K,D) denote the extension of DES to longer keys and data blocks. If the
>>data to be encrypted is longer than eight bytes, the encryption function is
>>applied to each block of eight bytes in sequence and the results are 
>>concatenated
>>together. If the key is longer than seven bytes, each 8 byte block of 
>>data is first
>>completely encrypted using the first seven bytes of the key, then the 
>>second seven
>>bytes, etc., appending the results each time. For example, to encrypt 
>>the 16 byte
>>quantity D0D1 with the 14 byte key K0K1,
>>Ex(K0K1,D0D1) = concat(E(K0,D0),E(K0,D1),E(K1,D0),E(K1,D1))
>>
>>So is this algorithm covered by the crypto module?
>>This just gives me headache...
>>
>>Cheers, Tobbe
>>
>>
>>
>>This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.
>>
>>E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.
>>
>>    
>>
>
>
>This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.
>
>E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.
>
>
>  
>