Hello there!
I'm just a stranger here, so, please, bear with my, probably, wrong
remark. I was going to look at how the DES weak keys are handled during
the key generation in SSLeay and was surpised when I saw it.
The weak_keys (file set_key.c) array contains odd-parity adjusted keys. On
the other side the function des_random_key (of the file rand_key.c) first
checks if the key is weak and, only then, sets parity. This means that,
e.g., the key 0,1,1,1,1,1,1,1 will pass the weakness check and will be
transformed into 1,1,1,1,1,1,1,1 on output.
I understand that all this weak-key verification is something pretty
worthless (taking into account the hit probability) but, as long as this
verification is implemented, it should be properly implemented. Can
somebody, please, confirm it or correct me?
--
Leva
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
