Re: working of des with ssh

From: Darren Tucker (dtucker@dodgy.net.au)
Date: 11/22/02


From: dtucker@dodgy.net.au (Darren Tucker)
Date: Fri, 22 Nov 2002 07:42:00 GMT

In article <697b8851.0211211851.3264691e@posting.google.com>,
Nik <nchopra@think3.com> wrote:
>I am an IS professional, have to write a paper on details of how ssh utilizes
>DES/3DES. Does anybody know of any good books/papers/websites/anything?

The RFCs would be a good place to start. They can be found in the ssh1 and
ssh2 tarballs from ssh.com.

The draft RFC for SSH v1 says:

  "SSH_CIPHER_DES
        The key is taken from the first 8 bytes of the session key. The
        least significant bit of each byte is ignored. This results in
        56 bits of key data. DES [DES] is used in CBC mode. The iv
        (initialization vector) is initialized to all zeroes.

   SSH_CIPHER_3DES
        The variant of triple-DES used here works as follows: there are
        three independent DES-CBC ciphers, with independent
        initialization vectors. The data (the whole encrypted data stream) is
        first encrypted with the first cipher, then decrypted with the
        second cipher, and finally encrypted with the third cipher. All
        these operations are performed in CBC mode."

The relevant part of the ssh2 rfc draft says:

 "The "3des-cbc" cipher is three-key triple-DES (encrypt-decrypt-
   encrypt), where the first 8 bytes of the key are used for the first
   encryption, the next 8 bytes for the decryption, and the following 8
   bytes for the final encryption. This requires 24 bytes of key data
   (of which 168 bits are actually used). To implement CBC mode, outer
   chaining MUST be used (i.e., there is only one initialization
   vector). This is a block cipher with 8 byte blocks. This algorithm
   is defined in [SCHNEIER]"

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
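
The structural difference between the two quoted constructions (SSH v1 chains inside each of three CBC passes, SSH v2 chains once around the EDE block operation), as an added example that is not part of the original post. It substitutes a small stand-in 64-bit Feistel cipher built on SHA-256 for real DES, since the Python standard library has no DES, and assumes all-zero IVs; all function names are hypothetical.

```python
import hashlib

BLOCK = 8                 # DES block size in bytes
ZERO_IV = bytes(BLOCK)    # assumption: all-zero IVs for the comparison

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):     # round function of the stand-in cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def enc_block(key, b):    # stand-in 64-bit Feistel cipher, NOT real DES
    l, r = b[:4], b[4:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec_block(key, b):    # inverse of enc_block
    l, r = b[:4], b[4:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(block_fn, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_fn(xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(block_fn, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += xor(block_fn(data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def ssh1_3des(key24, data):          # inner chaining: three full CBC passes
    k1, k2, k3 = key24[:8], key24[8:16], key24[16:24]
    s = cbc_encrypt(lambda b: enc_block(k1, b), ZERO_IV, data)
    s = cbc_decrypt(lambda b: dec_block(k2, b), ZERO_IV, s)
    return cbc_encrypt(lambda b: enc_block(k3, b), ZERO_IV, s)

def ssh2_3des_cbc(key24, iv, data):  # outer chaining: one IV around EDE
    k1, k2, k3 = key24[:8], key24[8:16], key24[16:24]
    ede = lambda b: enc_block(k3, dec_block(k2, enc_block(k1, b)))
    return cbc_encrypt(ede, iv, data)

KEY = bytes(range(24))               # constructed sample key
DATA = b"constructed sample data!"   # constructed, exactly three blocks
```

With zero IVs the two constructions agree on the first ciphertext block and diverge from the second block onward, because the inner variant carries three separate chaining values. With all three keys equal, both collapse to single-key CBC.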

