Using Weak keys in DES and TripleDES

24 Mar 2005 4:10 PM

Mark Oeltjenbruns

I'm trying to use TripleDESCryptoServiceProvider to encrypt some data to
authenticate with a DESFire card, however, the default key is 16 zeros which
causes a CryptographicExecption to be thrown; it complains about weak keys.
The card also supports Key1 = Key2, which gives DES support; This also
throws the weak keys exception. I know that using these 'weak' keys is bad,
but I have no choice; I can't change to strong keys without first using the
weak key to authenticate to the card. Is there a way to flag that it is ok
to use weak keys? The 2nd problem I could overcome by checking the key and
using the DES provider, but this seems rather clunky.

Any thoughts?

24 Mar 2005 4:51 PM

Valery Pryamikov

Hi,
you can use simple DES instead of TripleDES. 3DES EDE is just
DES_Encrypt(K3, DES_Decrypt(K2, DES_Encrypt(K3, data_block))). So, you'll be
able to use it with key1==key2 (but not with all zeros key).

-Valery.
http://www.harper.no/valery

Show quoteHide quote

"Mark Oeltjenbruns" <faster***@gmail.com> wrote in message
news:eeBIKwIMFHA.2420@TK2MSFTNGP12.phx.gbl...
> I'm trying to use TripleDESCryptoServiceProvider to encrypt some data to
> authenticate with a DESFire card, however, the default key is 16 zeros
> which
> causes a CryptographicExecption to be thrown; it complains about weak
> keys.
> The card also supports Key1 = Key2, which gives DES support; This also
> throws the weak keys exception. I know that using these 'weak' keys is
> bad,
> but I have no choice; I can't change to strong keys without first using
> the
> weak key to authenticate to the card. Is there a way to flag that it is
> ok
> to use weak keys? The 2nd problem I could overcome by checking the key
> and
> using the DES provider, but this seems rather clunky.
>
> Any thoughts?
>
>