Case Study: Encrypting telnet

7

• The DES library wanted 56-bit keys plus proper parity.

• The “generate a 64-bit random key” routine didn’t set the parity bits properly.

• When handed a bad key, the DES library treated the key as all zeroes.

• With probability 255/256, the session was encrypted with a known, constant key!

Previous slide

Next slide

Back to first slide

View graphic version