Monday, 16 June 2008

DES - Defending against Differential Cryptanalysis

DES is a symmetric encryption algorithm developed in the 1970s by IBM, based on an earlier IBM cipher called Lucifer, and approved as a US federal standard in 1976 (published as FIPS PUB 46 in 1977). The first step to encrypting with DES in the PyCrypto toolkit is to create a DES object.

from Crypto.Cipher import DES
obj=DES.new('abc', DES.MODE_ECB)

fails with the following ValueError: Key must be 8 bytes long not 3. DES has an effective key length of 56 bits, but the key is supplied as 64 bits (8 bytes), with the least significant bit of each byte reserved as an odd-parity bit; most implementations, PyCrypto included, simply ignore the parity bits. A handful of keys are considered weak: four weak keys, which produce the same subkey in every round (for example the all-zero or all-one 56-bit key), and twelve semi-weak keys, which come in pairs that undo each other. We have selected to use DES in ECB (electronic codebook) mode. Note that ECB encrypts every 64-bit block independently with the same key, so identical plaintext blocks produce identical ciphertext blocks and patterns in the plaintext show through in the ciphertext; it is fine for a single block or for learning, but a chained mode such as CBC should be used for real data. The PyCrypto DES package offers other modes including CBC, CFB, OFB and PGP. The other thing we need to know about DES is that it is a block cipher, encrypting data in 64-bit blocks, as opposed to a stream cipher, which encrypts data one bit (or one byte) at a time. Right, now assume we have changed the key to 8 bytes (e.g. abcdefgh). We would like to encrypt a message.

data="the rain in hawaii stays mainly in mount waialeale"
ciphertext=obj.encrypt(data)

This also results in a ValueError because we are not obeying the data restriction DES imposes, namely that "input strings must be a multiple of 8 in length". The length is counted in bytes: 8 bytes is 64 bits, one DES block. We can pad the data up to the next multiple of 8 bytes as follows.

if len(data) % 8 != 0: data += "x" * (8 - len(data) % 8)

Be aware that filler characters cannot be told apart from a message that really ends in "x". If the receiver needs to strip the padding, use a self-describing scheme such as PKCS#7, which records the padding length in the padding bytes themselves.

If you now do obj.encrypt on the data and print the results you will see the message beautifully encrypted.
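The key and padding rules above can be checked before the library is ever called. The following is an added example, not code from the original post or from PyCrypto: it uses only the standard library, makes the 8-byte length rule, the per-byte odd parity and the weak-key check explicit, and replaces the "x" filler with PKCS#7 padding so that a receiver can strip it unambiguously. The weak and semi-weak key table is the standard list of sixteen keys; the helper names are this example's own.

```python
"""DES key sanity checks and PKCS#7 block padding (added example, stdlib only)."""

BLOCK_SIZE = 8  # DES block size in bytes (64 bits)

# The four weak keys (every round subkey identical) and the twelve semi-weak
# keys (pairs whose subkey schedules are each other's reverse), written with
# correct odd parity in each byte.
WEAK_KEYS = {
    bytes.fromhex(h) for h in (
        "0101010101010101", "FEFEFEFEFEFEFEFE",
        "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
    )
}
SEMI_WEAK_KEYS = {
    bytes.fromhex(h) for h in (
        "01FE01FE01FE01FE", "FE01FE01FE01FE01",
        "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
        "01E001E001F101F1", "E001E001F101F101",
        "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
        "011F011F010E010E", "1F011F010E010E01",
        "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
    )
}


def has_odd_parity(byte):
    """DES reserves the low bit of each key byte so that the byte has odd parity."""
    return bin(byte).count("1") % 2 == 1


def bad_parity_positions(key):
    """Indices of key bytes whose parity bit is wrong (empty list means all good)."""
    return [i for i, b in enumerate(key) if not has_odd_parity(b)]


def set_odd_parity(key):
    """Return the key with each byte's low (parity) bit fixed to give odd parity.
    PyCrypto ignores parity, so this only matters for interoperability checks."""
    out = bytearray(key)
    for i, b in enumerate(out):
        if not has_odd_parity(b):
            out[i] = b ^ 1
    return bytes(out)


def is_weak_key(key):
    """True for any of the 4 weak or 12 semi-weak keys (parity bits ignored)."""
    normalised = set_odd_parity(key)
    return normalised in WEAK_KEYS or normalised in SEMI_WEAK_KEYS


def check_des_key(key):
    """Raise ValueError for a key DES cannot or should not use; otherwise
    return the key with parity bits corrected."""
    if len(key) != BLOCK_SIZE:
        raise ValueError("Key must be 8 bytes long not %d" % len(key))
    if is_weak_key(key):
        raise ValueError("weak or semi-weak DES key")
    return set_odd_parity(key)


def pkcs7_pad(data, block_size=BLOCK_SIZE):
    """Append n bytes of value n (1 <= n <= block_size). At least one byte is
    always added, so the original length is always recoverable."""
    n = block_size - len(data) % block_size
    return data + bytes([n]) * n


def pkcs7_unpad(data, block_size=BLOCK_SIZE):
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if not data or len(data) % block_size != 0:
        raise ValueError("input must be a non-empty multiple of %d bytes" % block_size)
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


if __name__ == "__main__":
    key = b"abcdefgh"  # the post's example key
    print("bad parity at byte positions:", bad_parity_positions(key))
    print("parity-corrected key:", check_des_key(key))
    msg = b"the rain in hawaii stays mainly in mount waialeale"  # constructed input
    padded = pkcs7_pad(msg)
    print("padded length:", len(padded), "pad byte:", padded[-1])
    assert pkcs7_unpad(padded) == msg
```

Running this on the post's key "abcdefgh" reports the bytes whose parity bit is wrong (c, e and f); the key is still usable because the library ignores those bits, but a key exchanged with another implementation that checks parity would be rejected there.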

To understand how this algorithm works we unfortunately cannot just step through it with the Python debugger, because the cipher itself is implemented in C. I have installed the source in C:\Python25\pycrypto-2.0.1\src\DES.c (you will also see DES3.c for Triple-DES, AES.c for the Advanced Encryption Standard and ARC4.c for the Alleged RC4 algorithm in this directory).

DES operates on the principles of confusion and diffusion, described in Claude Shannon's "Communication Theory of Secrecy Systems" (1949). Confusion aims to make the relationship between the key and the ciphertext as complex as possible, using techniques like substitution, as in the Caesar cipher (where every letter is replaced by another). Diffusion aims to dissipate the statistical structure of the plaintext across the whole ciphertext, so that changing one plaintext bit changes many ciphertext bits. One way to achieve this is via transposition, rearranging the positions of the letters or bits.

DES is a Feistel cipher of 16 rounds of substitution and permutation driven by the 56-bit key. Each round splits the 64-bit block into two 32-bit halves, expands the right half to 48 bits, XORs it with a 48-bit round subkey derived from the 56-bit key, passes the result through eight 6-bit-to-4-bit S-boxes (the substitution step that provides confusion) and a fixed permutation P (diffusion), and XORs that output into the left half before the halves are swapped. Because only one half is transformed per round, decryption is the same sequence of rounds with the subkeys applied in reverse order.
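To make the round structure just described, the multiple-of-8-bytes rule and the ECB caveat from the mode discussion concrete, here is an added example that is not the post's code and is not DES: a toy 16-round Feistel cipher on 64-bit blocks. The round function, key schedule and multiplier constants are this example's own stand-ins for DES's expansion, S-boxes, P-box and subkey derivation, chosen only to be non-linear; the point is the structure. It shows that decryption is the same loop with the subkeys reversed, measures the avalanche effect (one flipped plaintext bit changing about half the ciphertext bits, which is what diffusion buys), and contrasts ECB with CBC on repeated blocks, enforcing the same length rule DES does. The IV for CBC is taken as a 64-bit integer.

```python
"""Toy 64-bit Feistel cipher (NOT DES) to illustrate rounds, diffusion and
ECB versus CBC. Added example; round function and key schedule are stand-ins."""

MASK32 = 0xFFFFFFFF
MASK56 = (1 << 56) - 1
ROUNDS = 16


def round_function(half, subkey):
    """Non-linear F(R, k) on a 32-bit half. Multiply/xor-shift mixing is an
    assumed stand-in for DES's expansion, S-boxes and P permutation."""
    x = (half ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    x ^= x >> 15
    x = (x * 0x85EBCA6B) & MASK32
    x ^= x >> 13
    return x


def key_schedule(key56):
    """Derive 16 round subkeys from a 56-bit key by rotating and mixing it.
    DES rotates 28-bit halves and applies PC-2; this is a simplified stand-in."""
    if not 0 <= key56 <= MASK56:
        raise ValueError("key must be a 56-bit integer")
    subkeys, k = [], key56
    for i in range(ROUNDS):
        k = ((k << 3) | (k >> 53)) & MASK56  # rotate the 56-bit key left by 3
        subkeys.append(round_function(k & MASK32, (k >> 24) ^ i))
    return subkeys


def feistel(block, subkeys):
    """Run the Feistel rounds in the given subkey order over one 64-bit block."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left  # undo the final swap so the loop is self-inverse


def encrypt_block(key56, block):
    return feistel(block, key_schedule(key56))


def decrypt_block(key56, block):
    # Same rounds, subkeys reversed: the defining property of a Feistel network.
    return feistel(block, key_schedule(key56)[::-1])


def _blocks(data):
    """Split bytes into 64-bit integers, enforcing the block-size rule."""
    if len(data) % 8 != 0:
        raise ValueError("input strings must be a multiple of 8 in length")
    return [int.from_bytes(data[i:i + 8], "big") for i in range(0, len(data), 8)]


def ecb_encrypt(key56, data):
    """Electronic codebook: blocks are independent, so equal plaintext blocks
    give equal ciphertext blocks and repetition leaks through."""
    return b"".join(encrypt_block(key56, b).to_bytes(8, "big") for b in _blocks(data))


def cbc_encrypt(key56, iv, data):
    """Cipher block chaining: each plaintext block is XORed with the previous
    ciphertext block (the IV for the first) before encryption."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(key56, b ^ prev)
        out.append(prev.to_bytes(8, "big"))
    return b"".join(out)


def avalanche(key56, block):
    """Average number of ciphertext bits that change when one plaintext bit is
    flipped, over all 64 positions. Good diffusion gives roughly 32."""
    base = encrypt_block(key56, block)
    total = 0
    for bit in range(64):
        total += bin(base ^ encrypt_block(key56, block ^ (1 << bit))).count("1")
    return total / 64


if __name__ == "__main__":
    key = 0x0F1571C947D9E8          # constructed, arbitrary 56-bit key
    msg = b"ABCDEFGH" * 4           # constructed input: four identical blocks
    print("ECB:", ecb_encrypt(key, msg).hex())
    print("CBC:", cbc_encrypt(key, 0x0123456789ABCDEF, msg).hex())
    print("avalanche:", avalanche(key, 0x0123456789ABCDEF))
```

The ECB output shows the same 16 hex digits four times, exactly the pattern leak the mode discussion warns about, while the CBC output has four different blocks. The avalanche figure is what to look at when judging a round function: a few rounds of a poor F leave it well below 32.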

Some specific details are available from IBM Research, including how DES deals with differential cryptanalysis: Don Coppersmith's 1994 IBM Journal of Research and Development paper on the strength of DES explains that the S-boxes and permutation were designed against that attack, which the IBM team knew of in 1974 but did not publish.
