In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.
Algorithm
Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:
1. Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
2. XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
3. Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
4. Encrypt the result under DES using the key 0xEF2C041CE6382FE6.
The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 2^40 possible keys.
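The four steps above, written out as an added Python example (not code from IBM or from the cited references). It assumes DES bit numbering, where bit 1 is the most significant bit of the key, and takes single-block DES from PyCryptodome; the function and constant names are hypothetical.

```python
from typing import Callable, Iterable

# Fixed DES keys given in steps 2 and 4 above.
K1 = bytes.fromhex("C408B0540BA1E0AE")
K3 = bytes.fromhex("EF2C041CE6382FE6")

PARITY_BITS = range(8, 65, 8)  # bits cleared in step 1
STEP3_BITS = [1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32,
              33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64]


def keep_mask(cleared: Iterable[int]) -> int:
    """64-bit AND-mask that clears the listed bits (assumed: bit 1 = MSB)."""
    mask = (1 << 64) - 1
    for n in cleared:
        mask &= ~(1 << (64 - n))
    return mask


MASK1 = keep_mask(PARITY_BITS)  # 56 key bits survive step 1
MASK3 = keep_mask(STEP3_BITS)   # 40 bits survive step 3


def des_ecb(key: bytes, block: bytes) -> bytes:
    """One-block DES via PyCryptodome (assumed installed; imported lazily)."""
    from Crypto.Cipher import DES
    return DES.new(key, DES.MODE_ECB).encrypt(block)


def cdmf_shorten(key: bytes,
                 des: Callable[[bytes, bytes], bytes] = des_ecb) -> bytes:
    """Derive the DES key that CDMF uses from a 64-bit input key."""
    if len(key) != 8:
        raise ValueError("CDMF input key must be 8 bytes")
    k = int.from_bytes(key, "big") & MASK1                      # step 1
    k ^= int.from_bytes(des(K1, k.to_bytes(8, "big")), "big")   # step 2
    k &= MASK3                                                  # step 3
    return des(K3, k.to_bytes(8, "big"))                        # step 4


def effective_key_bits() -> int:
    """Free bits entering step 4. Step 4 is DES under a fixed key, i.e. a
    fixed permutation, so it cannot enlarge the set of possible outputs."""
    return bin(MASK3).count("1")
```

The step 3 mask leaves three free bits in each odd-numbered byte and seven in each even-numbered byte, which is where the 40-bit bound on the derived key comes from.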