
Re: Weak key detection (was Re: OpenSSL patch for Heimdal 0.3d)



"Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> writes:
> Tangent:  Jeff Hutzelman just reminded me that he has found a problem with 
> the weak key detection in kth-krb and heimdal.

He sent me mail actually, and I've fixed it.  Patch follows.  And
there's no reason to panic really, the probability of hitting these
keys is very small, but of course the test should be done correctly.

/assar

rsh: juguete.sics.se: Password has expired
Index: set_key.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/lib/des/set_key.c,v
retrieving revision 1.4
retrieving revision 1.6
diff -u -w -u -w -r1.4 -r1.6
--- set_key.c	1997/06/22 10:14:05	1.4
+++ set_key.c	2001/02/16 15:26:37	1.6
@@ -97,7 +97,7 @@
 	return(1);
 	}
 
-/* Weak and semi week keys as take from
+/* Weak and semi week keys were originally as take from
  * %A D.W. Davies
  * %A W.L. Price
  * %T Security for Computer Networks
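Review bot: the reworded comment line still carries the typo "week" and now reads ungrammatically ("were originally as take from"); suggest "Weak and semi-weak keys were originally taken from". Since the reason for touching this line is that the book-derived values were not all correct, it would help to say so here rather than leaving the reader to infer it from the FIPS 74 comment added further down.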
@@ -106,13 +106,18 @@
  * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
  * (and actual cblock values).
  */
+
+/* The corrected values are from FIPS 74:
+ * http://www.itl.nist.gov/fipspubs/fip74.htm
+ */
+
 #define NUM_WEAK_KEY	16
 static des_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
-	{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
 	/* semi-weak keys */
 	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
 	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
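Review bot: the new FIPS 74 comment does not say which entries were corrected, or why the last four bytes of the two changed weak keys differ from the first four. A one-line note on that (the two 28-bit key halves do not fall on byte boundaries) would keep someone from "tidying" them back to eight identical bytes. The hunk changes only the two weak entries and its context stops after the first two semi-weak entries, so please confirm the semi-weak entries built from 0x1F and 0xE0 were checked against FIPS 74 as well. A small regression test that validates every table entry against the key schedule would be worth adding alongside this.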
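An added example, not part of the original message or of kth-krb/Heimdal: it checks the old and corrected table entries from the patch above against the DES key schedule instead of trusting a table. The function and array names are hypothetical; PC-1 is the standard DES permuted choice 1.

```c
#include <stdio.h>

/* DES permuted choice 1: selects the 56 key bits and drops the parity bits.
 * Entries 0-27 form half C, entries 28-55 form half D.
 * Bit 1 is the most significant bit of key[0]. */
static const unsigned char PC1[56] = {
    57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
};

/* Values copied from the patch: the removed (-) and added (+) table lines. */
static const unsigned char OLD_1F[8] = {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F};
static const unsigned char NEW_1F[8] = {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E};
static const unsigned char OLD_E0[8] = {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0};
static const unsigned char NEW_E0[8] = {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1};

static int key_bit(const unsigned char key[8], int n)   /* n is 1..64 */
{
    return (key[(n - 1) / 8] >> (7 - (n - 1) % 8)) & 1;
}

/* Returns 1 if the 28-bit half starting at PC1[off] is all zeros or all ones. */
static int half_is_constant(const unsigned char key[8], int off)
{
    int i, first = key_bit(key, PC1[off]);
    for (i = 1; i < 28; i++)
        if (key_bit(key, PC1[off + i]) != first)
            return 0;
    return 1;
}

/* Hypothetical helper: a key is weak when C and D are each constant, because
 * rotating a constant half changes nothing and all 16 subkeys come out equal.
 * Parity bits are ignored, so wrong-parity variants are caught too. */
int des_key_is_weak(const unsigned char key[8])
{
    return half_is_constant(key, 0) && half_is_constant(key, 28);
}

int main(void)
{
    printf("old 1F..: %d  new 1F..0E: %d\n", des_key_is_weak(OLD_1F), des_key_is_weak(NEW_1F));
    printf("old E0..: %d  new E0..F1: %d\n", des_key_is_weak(OLD_E0), des_key_is_weak(NEW_E0));
    return 0;
}
```
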