4 %%DocumentFonts: (atend)
7 % FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
8 % Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved.
11 % Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
13 % Set up Color vs. Black-and-White
14 /FMPrintInColor systemdict /colorimage known def
15 % Uncomment this line to force b&w on color printer
16 % /FMPrintInColor false def
17 /FrameDict 190 dict def
18 systemdict /errordict known not {/errordict 10 dict def
19 errordict /rangecheck {stop} put} if
20 % The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
21 FrameDict /tmprangecheck errordict /rangecheck get put
22 errordict /rangecheck {FrameDict /bug true put} put
23 FrameDict /bug false put
25 % Some PS machines read past the CR, so keep the following 3 lines together!
26 currentfile 5 string readline
30 errordict /rangecheck FrameDict /tmprangecheck get put
40 gstring exch gindex exch put
41 /gindex gindex 1 add def
44 gstring 0 gindex getinterval true
49 /Times-Roman findfont 18 scalefont setfont
51 (FrameMaker version does not match postscript_prolog!)
74 array /FMfonts exch def
77 0 ne dup {setmanualfeed} if
82 manualfeed {true} {papersize} ifelse
83 {manualpapersize} {false} ifelse
84 {desperatepapersize} if
87 currenttransfer cvlit /orgxfer exch def
88 currentscreen cvlit /orgproc exch def
89 /organgle exch def /orgfreq exch def
99 /landscape exch 0 ne def
101 90 rotate 0 exch neg translate pop
106 /orgmatrix matrix def
126 /FMNORMALIZEGRAPHICS {
147 [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall
150 fw urx llx sub div fh ury lly sub div scale
151 llx neg lly neg translate
159 %%BeginFeature *ManualFeed True
160 statusdict /manualfeed true put
163 /max {2 copy lt {exch} if pop} bind def
164 /min {2 copy gt {exch} if pop} bind def
167 paperheight sub abs 16 lt exch
168 paperwidth sub abs 16 lt and
169 {/papername exch def} {pop} ifelse
171 /papersizedict FMLOCAL
173 /papersizedict 14 dict def
175 /papername /unknown def
176 /Letter 8.5 inch 11.0 inch pagedimen
177 /LetterSmall 7.68 inch 10.16 inch pagedimen
178 /Tabloid 11.0 inch 17.0 inch pagedimen
179 /Ledger 17.0 inch 11.0 inch pagedimen
180 /Legal 8.5 inch 14.0 inch pagedimen
181 /Statement 5.5 inch 8.5 inch pagedimen
182 /Executive 7.5 inch 10.0 inch pagedimen
183 /A3 11.69 inch 16.5 inch pagedimen
184 /A4 8.26 inch 11.69 inch pagedimen
185 /A4Small 7.47 inch 10.85 inch pagedimen
186 /B4 10.125 inch 14.33 inch pagedimen
187 /B5 7.16 inch 10.125 inch pagedimen
192 /Letter {lettertray} def
193 /LetterSmall {lettertray lettersmall} def
194 /Tabloid {11x17tray} def
195 /Ledger {ledgertray} def
196 /Legal {legaltray} def
197 /Statement {statementtray} def
198 /Executive {executivetray} def
201 /A4Small {a4tray a4small} def
204 /unknown {unknown} def
205 papersizedict dup papername known {papername} {/unknown} ifelse get
207 /FMdicttop countdictstack 1 add def
208 statusdict begin stopped end
209 countdictstack -1 FMdicttop {pop end} for
214 /LetterSmall {lettersmall} def
218 /Statement {statement} def
219 /Executive {executive} def
222 /A4Small {a4small} def
225 /unknown {unknown} def
226 papersizedict dup papername known {papername} {/unknown} ifelse get
230 /desperatepapersize {
231 statusdict /setpageparams known
233 paperwidth paperheight 0 1
235 {setpageparams} stopped pop
240 orgmatrix currentmatrix pop
246 /dpi 72 0 dmatrix defaultmatrix dtransform
247 dup mul exch dup mul add sqrt def
248 /freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
249 /sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
251 /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
252 /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
253 /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
254 /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
255 /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
256 /numbersign /dollar /percent /ampersand /quotesingle /parenleft
257 /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
258 /two /three /four /five /six /seven /eight /nine /colon /semicolon
259 /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
260 /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
261 /bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
262 /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
263 /braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
264 /Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
265 /atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
266 /iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
267 /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
268 /udieresis /dagger /.notdef /cent /sterling /section /bullet
269 /paragraph /germandbls /registered /copyright /trademark /acute
270 /dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
271 /yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
272 /ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
273 /exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
274 /guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
275 /Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
276 /quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
277 /fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
278 /periodcentered /quotesinglbase /quotedblbase /perthousand
279 /Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
280 /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
281 /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
282 /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
293 Encoding StandardEncoding eq
295 /Encoding DiacriticEncoding def
314 /onbits 0 def /offbits 0 def
315 freq sangle landscape {90 add} if
318 /xindex x 1 add 2 div bpside mul cvi def
319 /yindex y 1 add 2 div bpside mul cvi def
320 bstring yindex bwidth mul xindex 8 idiv add get
321 1 7 xindex 8 mod sub bitshift and 0 ne
322 {/onbits onbits 1 add def 1}
323 {/offbits offbits 1 add def 0}
328 offbits offbits onbits add div FMsetgray
335 orgxfer cvx settransfer
336 orgfreq organgle orgproc cvx setscreen
349 % array of arrays Hue and Sat values for the separations [HUE BRIGHT]
358 [0.16 1.0] % comment / yellow
367 0 get /HUE exch store
368 1 get /BRIGHT exch store
369 HUE 0 eq BRIGHT 0 eq and
370 {1.0 SAT sub setgray}
371 {HUE SAT BRIGHT sethsbcolor}
375 /SAT exch 1.0 exch sub store
376 HUE 0 eq BRIGHT 0 eq and
377 {1.0 SAT sub setgray}
378 {HUE SAT BRIGHT sethsbcolor}
388 /FMsetgray {setgray} bind def
395 transform round exch round exch itransform
398 dtransform round exch round exch idtransform
401 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
404 lnormalize setlinewidth
410 fillprocs exch get exec
413 gsave eofill grestore
418 /M {newpath moveto} bind def
420 /D {curveto} bind def
421 /O {closepath} bind def
428 2 1 n {pop normalize lineto} for
460 x1 y2 x2 y2 rad arcto
461 x2 y2 x2 y1 rad arcto
462 x2 y1 x1 y1 rad arcto
463 x1 y1 x1 y2 rad arcto
497 0 32 3 2 roll widthshow
503 0 32 3 2 roll widthshow
519 0 32 4 2 roll 0 exch awidthshow
525 0 32 4 2 roll 0 exch awidthshow
545 /dl dx dx mul dy dy mul add sqrt def
547 /t currentlinewidth def
551 /r [Cos Sin Sin neg Cos 0.0 0.0] def
552 /t2 t 2.5 mul 3.5 max def
557 dl t 2.7 mul sub 0.0 rlineto
560 x dx add y dy add translate
562 t 0.67 mul setlinewidth
563 t 1.61 mul neg 0.0 translate
565 t2 1.7 mul neg t2 2.0 div moveto
567 t2 1.7 mul neg t2 2.0 div neg lineto
576 normalize translate 0.0 0.0 moveto
578 0.0 0.0 1.0 5 3 roll arc
586 2 index 2 div add exch 3 index 2 div sub exch
587 normalize 2 index 2 div sub exch 3 index 2 div add exch
590 0.0 0.0 1.0 5 3 roll arc
603 /FMsaveobject FMLOCAL
607 /FMdicttop countdictstack 1 add def
608 /FMoptop count 4 sub def
609 /FMsaveobject save def
613 3 index neg 3 index neg translate
616 count -1 FMoptop {pop pop} for
617 countdictstack -1 FMdicttop {pop end} for
633 0 1 sl 1 sub {str exch val put} for
637 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
638 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
640 {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
641 {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
642 {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
643 {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
644 {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
645 {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
646 {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
647 {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
648 {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
681 ws 0 len getinterval im pos len getinterval copy pop
687 bs 0 len getinterval im pos len getinterval copy pop
694 /val cf s1 readhexstring pop 0 get def
695 pos 1 pos len add 1 sub {im exch val put} for
700 cf exch readhexstring pop pop
711 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
726 translate rotate scale /h exch def /w exch def
731 /is im 0 lb getinterval def
732 ws 0 lb getinterval is copy pop
734 w h d [w 0 0 h neg 0 h]
752 translate rotate scale /h exch def /w exch def
755 /is w d wbytes string def
757 w h d [w 0 0 h neg 0 h]
758 {cf is readhexstring pop} image
766 /proc2 exch cvlit def
767 /proc1 exch cvlit def
768 /newproc proc1 length proc2 length add array def
769 newproc 0 proc1 putinterval
770 newproc proc1 length proc2 putinterval
773 /ngrayt 256 array def
775 /nbluet 256 array def
776 /ngreent 256 array def
795 /cynu 1 red indx get 255 div sub def
796 /magu 1 green indx get 255 div sub def
797 /yelu 1 blue indx get 255 div sub def
798 /k cynu magu min yelu min def
799 /u k currentundercolorremoval exec def
800 nredt indx 1 0 cynu u sub max sub redt exec put
801 ngreent indx 1 0 magu u sub max sub grnt exec put
802 nbluet indx 1 0 yelu u sub max sub blut exec put
803 ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
805 {255 mul cvi nredt exch get}
806 {255 mul cvi ngreent exch get}
807 {255 mul cvi nbluet exch get}
808 {255 mul cvi ngrayt exch get}
810 {pop 0} setundercolorremoval
811 {} setblackgeneration
816 0 1 255 {/indx exch def
819 green indx get 151 mul
821 add add 256 idiv put} for
823 {255 mul cvi tran exch get 255.0 div}
824 exch Fmcc settransfer
829 translate rotate scale /h exch def /w exch def
832 /is w d wbytes string def
834 w h d [w 0 0 h neg 0 h]
835 {cf is readhexstring pop} {is} {is} true 3 colorimage
842 translate rotate scale /h exch def /w exch def
847 /is im 0 lb getinterval def
848 ws 0 lb getinterval is copy pop
850 w h d [w 0 0 h neg 0 h]
851 {ip} {is} {is} true 3 colorimage
856 8 {fakecolorsetup} COMMONBITMAP
859 8 {fakecolorsetup} COMMONBITMAPc
867 1 1 612 792 0 1 16 FMDOCUMENT
868 /fillprocs 32 array def
869 fillprocs 0 { 0.000000 grayness } put
870 fillprocs 1 { 0.100000 grayness } put
871 fillprocs 2 { 0.300000 grayness } put
872 fillprocs 3 { 0.500000 grayness } put
873 fillprocs 4 { 0.700000 grayness } put
874 fillprocs 5 { 0.900000 grayness } put
875 fillprocs 6 { 0.970000 grayness } put
876 fillprocs 7 { 1.000000 grayness } put
877 fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
878 fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
879 fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
880 fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
881 fillprocs 12 {<8142241818244281> 8 1 setpattern } put
882 fillprocs 13 {<8040201008040201> 8 1 setpattern } put
883 fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
885 fillprocs 16 { 1.000000 grayness } put
886 fillprocs 17 { 0.900000 grayness } put
887 fillprocs 18 { 0.700000 grayness } put
888 fillprocs 19 { 0.500000 grayness } put
889 fillprocs 20 { 0.300000 grayness } put
890 fillprocs 21 { 0.100000 grayness } put
891 fillprocs 22 { 0.030000 grayness } put
892 fillprocs 23 { 0.000000 grayness } put
893 fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
894 fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
895 fillprocs 26 {<3333333333333333> 8 1 setpattern } put
896 fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
897 fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
898 fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
899 fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
902 0 12 /Helvetica-Bold FMDEFINEFONT
903 1 12 /Helvetica-BoldOblique FMDEFINEFONT
905 %%BeginPaperSize: Letter
907 612 792 0 FMBEGINPAGE
914 1.2 (IMPLEMENT) 178.34 388 S
916 1.2 (TION NOTES ON ) 267.85 388 S
918 1.2 (bdes) 382.61 388 S
920 1.2 (\0501\051) 415.4 388 S
921 1.2 (Matt Bishop) 265.09 338 S
923 1.2 (echnical Report PCS-TR91-158) 205.38 288 S
927 612 792 0 FMBEGINPAGE
934 0 12 /Times-Roman FMDEFINEFONT
935 1 18 /Times-Bold FMDEFINEFONT
936 2 18 /Times-BoldItalic FMDEFINEFONT
937 3 12 /Times-Italic FMDEFINEFONT
938 4 12 /Times-Bold FMDEFINEFONT
939 5 10 /Times-Roman FMDEFINEFONT
940 6 12 /Courier FMDEFINEFONT
941 7 12 /Courier-Oblique FMDEFINEFONT
942 8 12 /ZapfDingbats FMDEFINEFONT
943 9 12 /Symbol FMDEFINEFONT
944 10 12 /Courier-Bold FMDEFINEFONT
946 612 792 0 FMBEGINPAGE
955 (Page 1 of 11) 479.71 34.7 T
961 (Implementation Notes on ) 179.84 708 T
965 (\0501\051) 411.19 708 T
969 (Matt Bishop) 276.51 676 T
971 (Department of Mathematics and Computer Science) 182.92 656 T
972 (Dartmouth College) 259.86 642 T
973 (Hanover) 257.45 628 T
974 (, NH 03755) 298.26 628 T
976 (ABSTRACT) 277.68 602 T
978 0.27 (This note describes the implementation of ) 108 582 P
980 0.27 (bdes) 314.13 582 P
982 0.27 (, the \336le encryption program being) 336.12 582 P
983 0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P
984 (all modes of the Data Encryption Standard program.) 108 554 T
987 (oduction) 104.43 528 T
989 -0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P
990 -0.56 (siderably stronger than the algorithm used by the ) 72 484 P
992 -0.47 (UNIX) 305.36 484 P
994 -0.56 (\252 ) 330.34 484 P
996 -0.56 (crypt) 344.53 484 P
998 -0.56 (\0501\051 program, and therefore is a more) 369.18 484 P
999 0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P
1001 0.09 (ASCII) 466.05 464 P
1003 0.11 ( \336les. The) 492.14 464 P
1004 -0.65 (program ) 72 444 P
1006 -0.65 (bdes) 114.99 444 P
1008 -0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P
1009 -0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P
1010 -0.04 (the layout of the encrypted \336les produced by ) 72 400 P
1012 -0.04 (bdes) 288.86 400 P
1014 -0.04 ( as well as internal details relevant to the imple-) 310.85 400 P
1015 -0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P
1017 -0.15 (des) 408.04 380 P
1019 -0.15 (\0501\051 program given in [4]) 424.03 380 P
1020 -0.2 (has been followed; thus, ) 72 360 P
1022 -0.2 (bdes) 190.77 360 P
1024 -0.2 ( is completely compatible with that program. However) 212.75 360 P
1025 -0.2 (, ) 473.33 360 P
1027 -0.2 (bdes) 479.12 360 P
1029 -0.2 ( also of-) 501.11 360 P
1030 (fers several extensions to ) 72 340 T
1034 ( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T
1035 -0.14 (In this note, strings typed as shown will be in ) 108 316 P
1037 -0.34 (Courier Roman font) 326.78 316 P
1039 -0.14 (, and strings to be) 455.62 316 P
1040 -0.42 (chosen by the user will be in ) 72 296 P
1042 -1 (Courier Oblique font) 209.32 296 P
1044 -0.42 (. The space character \050) 351.24 296 P
1046 -0.35 (ASCII) 457.79 296 P
1048 -0.42 ( <) 483.88 296 P
1050 -0.35 (SP) 493.23 296 P
1052 -0.42 (>, octal) 504.34 296 P
1053 -0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P
1055 -0.47 (z) 296.98 276 P
1057 -0.43 (\323 and the newline character \050) 301.96 276 P
1059 -0.35 (ASCII) 438.03 276 P
1061 -0.43 ( <) 464.13 276 P
1063 -0.35 (NL) 473.46 276 P
1065 -0.43 (>, octal 12,) 486.79 276 P
1066 -0.05 (decimal 10, hex a\051 as \322) 72 256 P
1068 -0.05 (\277) 181.65 256 P
1070 -0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P
1071 1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P
1073 (Courier Bold font) 72 216 T
1075 ( with spaces often inserted for readability) 194.33 216 T
1078 (2. Overview and Use) 72 184 T
1080 -0.39 (Bdes) 108 160 P
1082 -0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P
1083 -0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P
1092 (This work is based on work funded by grant NAG2-680 from the National
1093 Aeronautics and Space Administration to ) 72 101.33 T
1094 (Dartmouth College.) 72 89.33 T
1095 (UNIX is a Registered T) 72 77.33 T
1096 (rademark of A) 166.58 77.33 T
1097 (T&T Bell Laboratories.) 223.75 77.33 T
1111 612 792 0 FMBEGINPAGE
1120 (Page 2 of 11) 479.71 34.7 T
1125 0.31 (Block Chaining, ) 72 712 P
1127 0.31 (k) 154.25 712 P
1129 0.31 (-bit Cipher Feed Back, and ) 159.58 712 P
1131 0.31 (k) 293.71 712 P
1133 0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P
1135 0.31 (k) 530.68 712 P
1137 0.31 (-) 536.01 712 P
1138 -0.04 (bit Cipher Feed Back mode. Further) 72 692 P
1139 -0.04 (, ) 244.52 692 P
1141 -0.04 (bdes) 250.48 692 P
1143 -0.04 ( supports message authentication code generation based) 272.46 692 P
1144 (on both the Cipher Block Chaining mode and the ) 72 672 T
1148 (-bit Cipher Feed Back mode.) 316.19 672 T
1149 0.07 (By default, ) 108 648 P
1151 0.07 (bdes) 164.43 648 P
1153 0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P
1154 -0.4 (as a \336lter) 72 628 P
1155 -0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P
1156 (if the input \336le ) 72 608 T
1158 (inputf) 145.96 608 T
1161 ( contains the message) 210.73 608 T
1171 (message) 299.83 584 T
1175 (then the following command encrypts it using the key ) 72 560 T
1177 (abcdefgh) 333.5 560 T
1181 (bdes -k abcdefgh < ) 158.48 536 T
1183 (inputf) 295.21 536 T
1188 (outputf) 381.56 536 T
1191 (The option ) 72 512 T
1195 ( indicates the next ar) 137.96 512 T
1196 (gument is the key) 237.01 512 T
1197 (. Now ) 321.17 512 T
1199 (outputf) 353.48 512 T
1202 ( contains) 425.45 512 T
1204 (16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T
1206 0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P
1207 (interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T
1209 (3. Keys and Parity) 72 412 T
1211 0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P
1212 0.58 (, or as a string of) 456.48 388 P
1214 0.12 (ASCII) 72 368 P
1216 0.14 ( characters. If the key is given in hex or binary) 98.1 368 P
1217 0.14 (, it is used as is with no changes. However) 322.21 368 P
1218 0.14 (, if) 526.53 368 P
1219 -0.27 (the key is given in ) 72 348 P
1221 -0.23 (ASCII) 161.59 348 P
1223 -0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P
1224 -0.47 (This high-order bit is generally ignored by applications; but the DES
1225 does not do so. Instead, it dis-) 72 328 P
1226 -0.14 (cards the low-order bit, ef) 72 308 P
1227 -0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P
1229 -0.12 (56) 495.97 312.8 P
1231 -0.14 ( to 2) 505.97 308 P
1233 -0.12 (48) 527.01 312.8 P
1236 -0.46 ( T) 108 284 P
1237 -0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P
1238 -0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P
1239 -0.7 (odd parity) 72 244 P
1240 -0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P
1242 -0.7 (not) 334.99 244 P
1244 -0.7 ( used in this computation.\051 For example,) 350.31 244 P
1245 (if the key is ) 72 224 T
1247 (abcdefgh) 131.29 224 T
1249 (, the actual key bits used are determined as follows:) 188.86 224 T
1266 ( key bits \050hex\051) 125.1 180 T
1286 (key bits used \050hex\051) 99 140 T
1297 0.18 (This convention \050as opposed to requiring even parity) 108 120 P
1298 0.18 (, or simply copying the low-order bit) 362 120 P
1299 -0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P
1301 -0.41 (des) 486.77 100 P
1303 -0.41 ( distrib-) 502.76 100 P
1304 -0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P
1308 612 792 0 FMBEGINPAGE
1317 (Page 3 of 11) 479.71 34.7 T
1322 1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P
1323 1.89 (s ) 471.02 712 P
1325 1.89 (des) 480.58 712 P
1327 1.89 (, so \336les) 496.56 712 P
1328 (encrypted on a Sun can be decrypted using ) 72 692 T
1332 ( \050and vice versa\051.) 302.49 692 T
1333 -0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P
1335 -0.3 (p) 411.9 668 P
1337 -0.3 ( will disable the parity bit) 418.57 668 P
1338 -0.62 (changing; with it, the parity bit is that of the character typed. This
1339 is useful when the key is a known) 72 648 P
1343 ( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T
1344 -0.24 (A key may be represented as a bit vector) 108 604 P
1345 -0.24 (, rather than an ) 300.74 604 P
1347 -0.2 (ASCII) 374.7 604 P
1349 -0.24 ( string, in one of two ways. It) 400.8 604 P
1350 0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P
1351 0.16 (is right \336lled with 0 bits. Or) 72 564 P
1352 0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P
1353 0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit
1354 vector keys must be given on the) 72 544 P
1355 0.51 (command line, and must begin with the characters ) 72 524 P
1357 1.24 (0x) 320.28 524 P
1359 0.51 ( or ) 334.67 524 P
1361 1.24 (0X) 351.69 524 P
1363 0.51 ( \050for hexadecimal\051 or ) 366.08 524 P
1365 1.24 (0b) 472.71 524 P
1367 0.51 ( or ) 487.1 524 P
1369 1.24 (0B) 504.12 524 P
1371 0.51 ( \050for) 518.51 524 P
1372 (binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T
1378 (abcdefgh) 180 480 T
1380 (hexadecimal key) 72 460 T
1382 (0x6162e364e5e66768) 180 460 T
1384 (binary key) 72 440 T
1386 (0b0110000101100010111000110110100011100101111000-) 180 440 T
1387 (1100110011101101000) 180 420 T
1389 -0.14 ( Note that giving the key on the command line as ) 108 396 P
1391 -0.34 (0x6162636465666768) 345.27 396 P
1393 -0.14 ( will ) 474.8 396 P
1395 -0.14 (not) 499.17 396 P
1397 -0.14 ( reset) 514.5 396 P
1398 0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P
1400 0.21 (ASCII) 416.58 376 P
1402 0.25 ( characters. The dif-) 442.68 376 P
1403 0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P
1404 0.69 (, whereas \050on) 474.34 356 P
1405 0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P
1407 0.21 (ASCII) 384.76 336 P
1409 0.25 ( characters is set. On some) 410.85 336 P
1410 0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P
1412 0.3 (ASCII) 407.23 316 P
1414 0.36 ( character; should this) 433.33 316 P
1415 -0.3 (be the case and the user desire ) 72 296 P
1417 -0.3 (bdes) 218.09 296 P
1419 -0.3 ( not to reset the parity bit, the option ) 240.07 296 P
1421 -0.3 (\320p) 415.25 296 P
1423 -0.3 ( will force the parity bit) 427.92 296 P
1424 (to be used as typed.) 72 276 T
1426 (4. Encryption Output Repr) 72 244 T
1427 (esentation) 211.05 244 T
1429 0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P
1430 -0.25 (for ECB and CBC modes, and ) 72 200 P
1432 -0.25 (k) 218.74 200 P
1434 -0.25 ( bits for the ) 224.07 200 P
1436 -0.25 (k) 281.02 200 P
1438 -0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P
1439 -0.5 (put blocks as input blocks. However) 72 180 P
1440 -0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P
1441 -0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P
1442 0.29 (acters must be distinguished from the input characters somehow) 72 140 P
1443 0.29 (. The mechanism used is that the) 381.35 140 P
1444 0.31 (last character of the \050decrypted\051 last block is the
1445 \050integer\051 number of characters from the input in) 72 120 P
1446 (the last block.) 72 100 T
1450 612 792 0 FMBEGINPAGE
1459 (Page 4 of 11) 479.71 34.7 T
1464 -0.59 (For example, suppose ) 108 712 P
1466 -1.41 (inputf) 214.16 712 P
1467 -1.41 (ile) 257.34 712 P
1469 -0.59 ( contains \322) 278.93 712 P
1471 -1.41 (This) 329.04 712 P
1473 -0.65 (z) 357.83 712 P
1475 -1.41 (is) 362.8 712 P
1477 -0.65 (z) 377.2 712 P
1479 -1.41 (a) 382.17 712 P
1481 -0.65 (z) 389.37 712 P
1483 -1.41 (test) 394.35 712 P
1485 -0.59 (\277) 423.13 712 P
1487 -0.59 (\323, and it is encrypted in) 431.02 712 P
1488 (CBC mode using the key \322) 72 692 T
1490 (abcdef#@) 200.93 692 T
1492 (\323 and the initialization vector ) 258.5 692 T
1496 (; the command is) 422.99 692 T
1498 (bdes -k abcdef#@ < ) 158.48 668 T
1500 (inputf) 295.21 668 T
1505 (outputf) 381.56 668 T
1508 (as CBC is the default encryption mode and ) 72 644 T
1512 ( the default initialization vector:) 302.79 644 T
1594 0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P
1596 0.22 (Bdes) 72 520 P
1598 0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P
1600 0.19 (ASCII) 399.67 520 P
1602 0.22 ( character with numeric) 425.77 520 P
1603 (value 7 \050the ) 72 500 T
1605 (ASCII) 131.62 500 T
1607 ( character <) 157.71 500 T
1611 (>\051. The result is then encrypted.) 233.3 500 T
1612 0.44 (As another example, suppose ) 108 476 P
1614 1.07 (inputf) 253.34 476 P
1615 1.07 (ile) 296.52 476 P
1617 0.44 ( contains \322) 318.11 476 P
1619 1.07 (test) 370.29 476 P
1621 0.44 (\323, and it is encrypted in ECB) 399.08 476 P
1622 (mode using the key \322) 72 456 T
1624 (abcdef#@) 173.93 456 T
1626 (\323; the command is) 231.5 456 T
1628 (bdes -b \320k abcdef#@ < ) 147.69 432 T
1635 (outputf) 392.35 432 T
1638 (because the option ) 72 408 T
1640 (\320b) 164.26 408 T
1642 ( signi\336es ECB mode:) 176.93 408 T
1679 -0.31 (Finally) 108 304 P
1680 -0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P
1681 0.83 (all 0 bits is added. Suppose ) 72 284 P
1683 1.99 (inputf) 210.57 284 P
1684 1.99 (ile) 253.74 284 P
1686 0.83 ( contains \322) 275.33 284 P
1688 1.99 (test) 328.28 284 P
1690 0.83 (\277) 357.07 284 P
1692 0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P
1693 1.51 (mode using the key \322) 72 264 P
1695 3.62 (abcdef#@) 179.96 264 P
1697 1.51 (\323 and the initialization vector ) 237.53 264 P
1699 3.62 (0x0123456789abcdef) 387.97 264 P
1701 1.51 (; the) 517.5 264 P
1702 (command is) 72 244 T
1704 -0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P
1706 -0.99 (inputf) 383.67 220 P
1707 -0.99 (ile) 426.85 220 P
1709 -0.99 ( > ) 448.43 220 P
1711 -0.99 (outputf) 468.04 220 P
1712 -0.99 (ile) 518.41 220 P
1714 0.16 (because the option ) 72 196 P
1716 0.16 (\320f40 ) 164.75 196 P
1718 0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P
1720 0.16 (-v0x01234566789abcdef) 343.96 196 P
1722 0.16 ( sets the initial-) 465.89 196 P
1723 (ization vector \050note that spaces between the option and its ar) 72 176 T
1724 (gument are optional\051:) 361.57 176 T
1769 1 12 /Times-BoldItalic FMDEFINEFONT
1770 2 14 /Symbol FMDEFINEFONT
1772 612 792 0 FMBEGINPAGE
1781 (Page 5 of 11) 479.71 34.7 T
1786 (Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T
1787 -0.4 (This technique allows complete compatibility with Sun\325) 108 688 P
1788 -0.4 (s ) 374.11 688 P
1790 -0.4 (des) 381.37 688 P
1792 -0.4 ( program. In Sun\325) 397.36 688 P
1793 -0.4 (s implemen-) 480.77 688 P
1794 0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P
1795 0.85 (ically) 72 648 P
1796 0.85 (, this makes no dif) 97.87 648 P
1797 0.85 (ference, as the DES is a suf) 189.32 648 P
1798 0.85 (\336ciently good random cipher to obscure the) 325.74 648 P
1799 (input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T
1800 (\336cult [1].) 451.82 628 T
1802 (5. Differ) 72 596 T
1803 (ences Between the Standard CFB and OFB Modes and ) 114.41 596 T
1807 -0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P
1808 -0.08 (the CFB and OFB modes properly) 72 552 P
1809 -0.08 (, it would be necessary to read ) 235.74 552 P
1811 -0.08 (k) 383.74 552 P
1813 -0.08 ( bits from the \336le, where ) 389.07 552 P
1815 -0.08 (k) 509.51 552 P
1817 -0.08 ( is an) 514.84 552 P
1818 0.98 (integer between 1 and 64 inclusive. However) 72 532 P
1819 0.98 (, this would require considerable buf) 294.22 532 P
1820 0.98 (fering and be) 474.77 532 P
1821 0.23 (quite inef) 72 512 P
1822 0.23 (\336cient and prohibitively slow) 117.65 512 P
1823 0.23 (. For these reasons, the current implementation of ) 258.48 512 P
1825 0.23 (bdes) 501.48 512 P
1827 0.23 ( re-) 523.46 512 P
1828 0.47 (quires that ) 72 492 P
1830 0.47 (k) 126.23 492 P
1832 0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P
1833 (\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T
1834 -0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P
1835 0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P
1837 0.23 (k) 358.95 428 P
1839 0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P
1840 (bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T
1841 (but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T
1843 (6. Message Authentication Code Modes) 72 356 T
1845 0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P
1846 1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P
1848 1.27 (n) 373.32 312 P
1850 1.27 (-bit message authentication code) 379.32 312 P
1851 0.62 (\050MAC\051 is generated, where 1) 72 292 P
1853 0.73 ( ) 214.71 292 P
1855 0.62 (\243) 218.94 292 P
1857 0.62 ( ) 225.52 292 P
1859 0.62 (n) 229.15 292 P
1861 0.62 ( ) 235.14 292 P
1863 0.62 (\243) 238.76 292 P
1865 0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P
1866 (second on CFB mode. Both work the same.) 72 272 T
1867 0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P
1868 -0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but
1869 all encrypted text is discarded ex-) 72 228 P
1870 -0.44 (cept for the last block. The ) 72 208 P
1872 -0.44 (n) 200.9 208 P
1874 -0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P
1875 (size constrains the number of bits available as the MAC.) 72 188 T
1876 0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P
1877 -0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P
1879 -0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P
1880 -0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P
1881 -0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P
1882 -0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P
1886 612 792 0 FMBEGINPAGE
1895 (Page 6 of 11) 479.71 34.7 T
1900 -0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with
1901 zeroes, the technique of forcing) 72 712 P
1902 (the last octet to contain the number of bytes in the message is ) 72 692 T
1906 ( used here.) 384.8 692 T
1907 -0.39 (For example, suppose ) 108 668 P
1909 -0.94 (inputf) 214.76 668 P
1910 -0.94 (ile) 257.93 668 P
1912 -0.39 ( contains \322) 279.52 668 P
1914 -0.94 (This) 330.04 668 P
1916 -0.43 (z) 358.82 668 P
1918 -0.94 (is) 363.8 668 P
1920 -0.43 (z) 378.19 668 P
1922 -0.94 (a) 383.17 668 P
1924 -0.43 (z) 390.36 668 P
1926 -0.94 (test) 395.34 668 P
1928 -0.39 (\277) 424.13 668 P
1930 -0.39 (\323, and a 64-bit MAC is) 432.02 668 P
1931 -0.73 (to be generated using CBC mode, the key \322) 72 648 P
1933 -1.74 (abcdef#@) 274.39 648 P
1935 -0.73 (\323 and the initialization vector ) 331.96 648 P
1937 -1.74 (0x0) 471.23 648 P
1939 -0.73 (; the com-) 492.82 648 P
1942 (bdes -m 64 -k abcdef#@ < ) 136.89 604 T
1944 (inputf) 316.79 604 T
1949 (outputf) 403.15 604 T
1952 (as CBC is the default encryption mode and ) 72 580 T
1956 ( the default initialization vector:) 302.79 580 T
2030 0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P
2034 ( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T
2035 (last block of output is used as the MAC.) 72 436 T
2036 0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P
2037 6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P
2039 16.58 (abcdef#@) 314.9 392 P
2041 6.91 (\323 and the initialization vector) 372.47 392 P
2043 (0x0123456789abcdef) 72 372 T
2045 (; the command is) 201.53 372 T
2047 (bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T
2049 (inputf) 374.36 348 T
2054 (outputf) 460.71 348 T
2057 -0.19 (where ) 72 324 P
2059 -0.19 (\320m 36) 104.11 324 P
2061 -0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P
2063 -0.19 (\320f 40) 327.79 324 P
2065 -0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P
2067 -0.31 (\320v 0x123456789abcdef) 72 304 P
2069 -0.31 ( sets the initialization vector) 186.62 304 P
2070 -0.31 (. Note that, as the key is not given on the com-) 319.95 304 P
2071 (mand line, the user will be prompted for it. It gives:) 72 284 T
2141 0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P
2142 (can be output.) 72 160 T
2144 (7. Differ) 72 128 T
2145 (ences Between ) 114.41 128 T
2149 ( and Sun\325) 212.99 128 T
2150 (s DES Implementation) 261.88 128 T
2152 0.02 (The program ) 108 104 P
2154 0.02 (bdes) 173.33 104 P
2156 0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P
2157 0.02 (s) 535.33 104 P
2158 0.57 (implementation of the Data Encryption Standard, called ) 72 84 P
2160 0.57 (des) 347.14 84 P
2162 0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P
2166 612 792 0 FMBEGINPAGE
2175 (Page 7 of 11) 479.71 34.7 T
2180 0.44 (crypted using ) 72 712 P
2182 0.44 (des) 140.84 712 P
2184 0.44 ( can be decrypted using ) 156.83 712 P
2186 0.44 (bdes) 275.29 712 P
2188 0.44 (, and vice versa, provided modes common to both) 297.27 712 P
2189 -0.34 (are used. However) 72 692 P
2190 -0.34 (, ) 160.41 692 P
2192 -0.34 (bdes) 166.06 692 P
2194 -0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P
2195 -0.68 (hardware devices \050and so the ) 72 672 P
2197 -0.68 (-s) 210.83 672 P
2199 -0.68 ( and ) 219.49 672 P
2201 -0.68 (-f) 241.45 672 P
2203 -0.68 ( options of Sun\325) 249.44 672 P
2204 -0.68 (s ) 323.71 672 P
2206 -0.68 (des) 330.7 672 P
2208 -0.68 ( are not available\051. Further) 346.69 672 P
2209 -0.68 (, as encryption) 471.07 672 P
2210 -0.05 (is the default, the Sun ) 72 652 P
2212 -0.05 (des) 179.01 652 P
2216 -0.05 (-e) 197.95 652 P
2218 -0.05 ( option is not recognized. As the manual page to ) 207.27 652 P
2220 -0.05 (bdes) 441.6 652 P
2222 -0.05 ( is in the appen-) 463.59 652 P
2223 (dix, these dif) 72 632 T
2224 (ferences will not be elaborated upon further) 134.08 632 T
2226 0.44 (Sun\325) 108 608 P
2229 0.44 (des) 138.1 608 P
2231 0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P
2233 1.33 (bdes) 72 588 P
2235 1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P
2237 1.33 (encrypt) 487.05 588 P
2239 1.33 (\0503\051,) 523.02 588 P
2240 -0.09 (which may) 72 568 P
2241 -0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P
2242 -0.09 (ge a number of platforms) 419.11 568 P
2243 (as possible with installers needing to know as little about the hardware as possible.) 72 548 T
2244 -0.08 (Sun\325) 108 524 P
2245 -0.08 (s ) 130 524 P
2247 -0.08 (des) 137.58 524 P
2249 -0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P
2251 -0.08 (bdes) 407.07 524 P
2253 -0.08 ( supports all modes de-) 429.05 524 P
2254 0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P
2255 (and CFB-based MACs.) 72 484 T
2256 0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P
2257 -0.47 (both ) 72 440 P
2259 -0.47 (des) 95.85 440 P
2261 -0.47 ( and ) 111.84 440 P
2263 -0.47 (bdes) 134.21 440 P
2265 -0.47 (, dif) 156.19 440 P
2266 -0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P
2271 ( puts zero bytes, ) 128.94 420 T
2275 ( puts bytes containing random values. The reason for Sun\325) 225.87 420 T
2276 (s doing) 505.02 420 T
2277 0.47 (so is to prevent a known plaintext attack on the \336le should an
2278 attacker determine that the input\325) 72 400 P
2279 0.47 (s) 535.33 400 P
2280 -0.29 (length were a multiple of the block size. W) 72 380 P
2281 -0.29 (ith ) 276.05 380 P
2283 -0.29 (bdes) 291.43 380 P
2285 -0.29 (, the plaintext contents of the last block of input) 313.41 380 P
2286 0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P
2287 0.31 (ith ) 333.99 360 P
2289 0.31 (des) 349.96 360 P
2291 0.31 (, the plaintext contents of that block) 365.95 360 P
2292 0.73 (are not known. Cryptanalytically) 72 340 P
2293 0.73 (, given the information about the strength of the DES currently) 231.29 340 P
2294 0.2 (known, it is widely believed that known plaintext attacks are infeasible
2295 \050see for example [1]\051 and) 72 320 P
2296 1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P
2297 1.86 (. But this) 492.63 300 P
2298 (means that ciphertexts produced from a plaintext by ) 72 280 T
2302 ( and ) 346.47 280 T
2306 ( will dif) 385.77 280 T
2307 (fer in the last block.) 423.54 280 T
2310 (ences) 100.41 248 T
2313 0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P
2314 0.37 (ears of Public Scrutiny) 374.87 224 P
2315 0.37 (,\323 ) 484.8 224 P
2317 0.37 (Pr) 496.49 224 P
2318 0.37 (oceed-) 508.04 224 P
2319 -0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P
2320 -0.47 (ence) 411.65 204 P
2322 -0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P
2324 (A. Konheim, ) 108 180 T
2326 (Cryptography: A Primer) 173.29 180 T
2328 (, John W) 291.4 180 T
2329 (iley and Sons, Inc., New Y) 333.9 180 T
2330 (ork, NY \0501981\051.) 461.94 180 T
2333 0.63 (DES Modes of Operation) 108 156 P
2335 0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P
2336 -0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P
2337 -0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P
2340 (UNIX User) 108 112 T
2342 (s Manual) 165.18 112 T
2344 (, Sun Microsystems Inc., Mountain V) 210.16 112 T
2346 (, CA \050Mar) 406.54 112 T
2347 (. 1988\051.) 455.51 112 T
2349 (Appendix. The UNIX System Manual Page for ) 72 80 T
2354 1 11 /Times-Bold FMDEFINEFONT
2356 612 792 0 FMBEGINPAGE
2365 (Page 8 of 11) 479.71 34.7 T
2373 (bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T
2375 (SYNOPSIS) 72 663.67 T
2383 (-abdp) 141.32 640 T
2385 ( ] [ ) 171.31 640 T
2393 ( ] [ ) 208.61 640 T
2401 ( ] [ ) 242.58 640 T
2417 ( ] [ ) 329.16 640 T
2425 ( ] [ ) 365.13 640 T
2431 (vector) 395.1 640 T
2435 (DESCRIPTION) 72 614.67 T
2437 -0.69 (Bdes) 108 591 P
2439 -0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P
2440 -0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P
2441 0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P
2442 -0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P
2443 -0.14 (o protect the key and ini-) 420.44 549 P
2444 0.29 (tialization vector from being read by) 108 535 P
2446 0.29 ( ps) 284.98 535 P
2448 0.29 (\0501\051, ) 298.94 535 P
2450 0.29 (bdes ) 319.21 535 P
2452 0.29 (hides its ar) 344.48 535 P
2453 0.29 (guments on entry) 396.81 535 P
2454 0.29 (. If no ) 479.89 535 P
2456 0.29 (key ) 512.74 535 P
2459 -0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P
2460 (dard input if not.) 108 507 T
2461 -0.17 (The key and initialization vector are taken as sequences of ) 108 489 P
2463 -0.14 (ASCII) 389.38 489 P
2465 -0.17 ( characters which are then) 415.48 489 P
2466 -0.35 (mapped into their bit representations. If either begins with
2467 \3240x\325 or \3240X\325, that one is taken as) 108 475 P
2468 1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P
2469 -0.73 (\3240B\325, that one is taken as a sequence of binary digits
2470 indicating the bit pattern. In either case,) 108 447 P
2471 -0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P
2472 0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P
2473 0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P
2474 0.03 (, because with 4.4 BSD,) 424.31 405 P
2475 -0.36 (the password reading function ) 108 391 P
2477 -0.36 (getpass) 254.45 391 P
2479 -0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P
2480 (keys to be entered.) 108 377 T
2481 0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P
2482 -0.18 (leted. Since most ) 108 345 P
2484 -0.15 (ASCII) 192.75 345 P
2486 -0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P
2487 -0.29 (order bit ef) 108 331 P
2488 -0.29 (fectively reduces the size of the key space from 2) 160.49 331 P
2490 -0.24 (56) 394.67 335.8 P
2492 -0.29 ( to 2) 404.67 331 P
2494 -0.24 (48) 425.41 335.8 P
2496 -0.29 ( keys. T) 435.4 331 P
2497 -0.29 (o prevent this,) 472.29 331 P
2498 -0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P
2499 0.11 (order bit is set to whatever value gives odd parity) 108 303 P
2500 0.11 (. This preserves the key space size. Note) 345.05 303 P
2501 (this resetting of the parity bit is ) 108 289 T
2505 ( done if the key is given in binary or hex.) 276.24 289 T
2506 -0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P
2507 0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P
2508 (text, so) 108 243 T
2509 ( bdes ) 225.81 225 T
2513 ( < plaintext | bdes \320i ) 269.77 225 T
2518 (is a very expensive equivalent of ) 108 201 T
2522 (\0501\051.) 283.2 201 T
2523 (Options are:) 108 183 T
2528 -0.75 (The key and initialization vector strings are to be taken as ) 144 165 P
2530 -0.62 (ASCII) 415.89 165 P
2532 -0.75 ( suppressing the spe-) 441.98 165 P
2533 0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325,
2534 and \3240B\325 characters. Note this) 144 151 P
2535 (\337ag applies to ) 144 137 T
2539 ( the key and initialization vector) 235.62 137 T
2544 (Use electronic code book mode.) 144 119 T
2548 (Decrypt the input.) 144 101 T
2552 612 792 0 FMBEGINPAGE
2561 (Page 9 of 11) 479.71 34.7 T
2573 -0.29 (Use ) 144 712 P
2575 -0.29 (b) 165.36 712 P
2577 -0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P
2579 -0.29 (b) 350.42 712 P
2581 -0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P
2582 (64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T
2590 -0.29 (Use ) 144 680 P
2592 -0.29 (b) 165.36 680 P
2594 -0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P
2596 -0.29 (b) 403.77 680 P
2598 -0.29 ( must be a multiple of 7 be-) 409.77 680 P
2599 -0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P
2600 (i\336cation\051.) 144 652 T
2608 0.37 (Use the string ) 144 616 P
2610 0.37 (key) 214.74 616 P
2612 0.37 ( as the cryptographic key) 230.72 616 P
2613 0.37 (. If this ar) 352.01 616 P
2614 0.37 (gument is not given, the user) 399.54 616 P
2615 (will be prompted for the key) 144 602 T
2624 0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P
2626 0.71 (b) 395.78 584 P
2628 0.71 ( bits on the input. ) 401.77 584 P
2630 0.71 (b) 491.94 584 P
2632 0.71 ( must be) 497.94 584 P
2633 0.11 (between 1 and 64 inclusive; if ) 144 570 P
2635 0.11 (b) 291.87 570 P
2637 0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P
2638 -0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P
2639 (are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T
2647 -0.34 (Use ) 144 524 P
2649 -0.34 (b) 165.31 524 P
2651 -0.34 (-bit output feedback mode. Currently ) 171.31 524 P
2653 -0.34 (b) 350.83 524 P
2655 -0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P
2656 (64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T
2660 -0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P
2661 0.03 (used as typed, rather than making each character be of odd parity) 144 478 P
2662 0.03 (. It is used only if) 455.91 478 P
2663 (the key is given in ) 144 464 T
2665 (ASCII) 234.95 464 T
2673 (vector) 122.99 446 T
2675 -0.5 (Set the initialization vector to ) 144 428 P
2677 -0.5 (v) 286.44 428 P
2679 -0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P
2681 (The vector is ignored in electronic codebook mode.) 144 414 T
2682 -0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P
2683 0.24 (search attacks, and Hellman\325) 108 382 P
2684 0.24 (s time-memory tradeof) 246.61 382 P
2685 0.24 (f \050all of which are very expensive and) 356.8 382 P
2686 0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P
2687 0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P
2693 (IMPLEMENT) 72 314 T
2695 (TION NOTES) 154.18 314 T
2697 0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P
2698 -0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P
2699 (data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T
2700 0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P
2701 0.52 (a block\051. T) 108 230 P
2702 0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P
2703 0.52 (, ) 413.01 230 P
2705 0.52 (bdes ) 419.53 230 P
2707 0.52 (will \050internally\051 ap-) 445.03 230 P
2708 0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P
2709 -0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P
2710 0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P
2711 -0.59 (last byte tells how many) 108 174 P
2712 -0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P
2713 0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P
2714 0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P
2715 0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P
2716 -0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P
2717 (\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T
2721 612 792 0 FMBEGINPAGE
2730 (Page 10 of 11) 473.71 34.7 T
2735 0.94 (Unlike Sun\325) 108 712 P
2736 0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P
2737 0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P
2738 (quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T
2740 0.36 (If the key is entered in ) 108 666 P
2742 0.3 (ASCII) 220.76 666 P
2744 0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P
2745 1.03 (character is of odd parity) 108 652 P
2746 1.03 (. Unlike Sun\325) 231.23 652 P
2747 1.03 (s implementation, it is possible to enter binary or) 296.92 652 P
2748 -0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P
2750 -0.57 (not ) 472.85 638 P
2752 -0.57 (reset. This) 490.61 638 P
2753 (allows testing using arbitrary bit patterns as keys.) 108 624 T
2754 0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P
2755 (default, ) 108 592 T
2759 (does too, but this may be changed from the command line.) 172.29 592 T
2763 (/dev/tty) 108 542 T
2764 (controlling terminal for typed key) 180 542 T
2770 (\0501\051, ) 132.65 492 T
2772 (crypt) 152.63 492 T
2774 (\0503\051) 177.27 492 T
2776 -0.4 (Data Encryption Standar) 108 474 P
2777 -0.4 (d) 228.02 474 P
2779 -0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P
2780 (of Standards, U.S. Department of Commerce, W) 108 460 T
2781 (ashington DC \050Jan. 1977\051.) 340.2 460 T
2783 0.16 (DES) 108 442 P
2785 0.16 ( ) 129.98 442 P
2787 0.16 (Modes of Operation, ) 133.15 442 P
2789 0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P
2790 (of Standards, U.S. Department of Commerce, W) 108 428 T
2791 (ashington DC \050Dec. 1980\051.) 340.2 428 T
2792 2.75 (Dorothy Denning, ) 108 410 P
2794 2.75 (Cryptography and Data Security) 203.77 410 P
2796 2.75 (, Addison-W) 368.8 410 P
2797 2.75 (esley Publishing Co.,) 432.55 410 P
2798 (Reading, MA \2511982.) 108 396 T
2799 -0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P
2801 -0.19 (bdes) 305.76 378 P
2803 -0.19 (\0501\051\323, T) 327.75 378 P
2804 -0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P
2805 0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P
2806 0.34 (, NH \050Apr) 488.01 364 P
2808 (1991\051.) 108 350 T
2812 -0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P
2813 -0.44 (keys, called the ) 108 286 P
2815 -0.44 (weak) 183.95 286 P
2817 -0.44 ( and ) 208.6 286 P
2819 -0.44 (semiweak) 231.03 286 P
2821 -0.44 ( keys, are \050in hex notation, where ) 277.66 286 P
2823 -1.06 (p) 437.45 286 P
2825 -0.44 ( is either ) 444.64 286 P
2827 -1.06 (0) 487.63 286 P
2829 -0.44 ( or ) 494.82 286 P
2831 -1.06 (1) 509.93 286 P
2833 -0.44 (, and) 517.12 286 P
2837 ( is either ) 115.2 272 T
2845 (\051:) 189.88 272 T
2847 (0x0p0p0p0p0p0p0p0p) 144 254 T
2848 (0x0p1P0p1P0p0P0p0P) 360 254 T
2849 (0x0pep0pep0pfp0pfp) 144 236 T
2850 (0x0pfP0pfP0pfP0pfP) 360 236 T
2851 (0x1P0p1P0p0P0p0P0p) 144 218 T
2852 (0x1P1P1P1P0P0P0P0P) 360 218 T
2853 (0x1Pep1Pep0Pfp0Pfp) 144 200 T
2854 (0x1PfP1PfP0PfP0PfP) 360 200 T
2855 (0xep0pep0pfp0pfp0p) 144 182 T
2856 (0xep1Pep1pfp0Pfp0P) 360 182 T
2857 (0xepepepepepepepep) 144 164 T
2858 (0xepfPepfPfpfPfpfP) 360 164 T
2859 (0xfP0pfP0pfP0pfP0p) 144 146 T
2860 (0xfP1PfP1PfP0PfP0P) 360 146 T
2861 (0xfPepfPepfPepfPep) 144 128 T
2862 (0xfPfPfPfPfPfPfPfP) 360 128 T
2864 0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P
2865 -0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P
2867 -0.57 ( Advances in Cryp-) 449.43 96 P
2868 (tology \320 Crypto \32486 Pr) 108 82 T
2869 (oceedings) 216.83 82 T
2871 (, Springer) 264.79 82 T
2873 (erlag New Y) 323.17 82 T
2874 (ork, \2511987, pp. 9-32\051.) 383.25 82 T
2878 612 792 0 FMBEGINPAGE
2887 (Page 11 of 11) 473.71 34.7 T
2895 -0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P
2896 0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P
2897 (named above so that they are no longer computationally infeasible.) 108 660 T
2898 0.32 (Programs which display programs\325 ar) 108 642 P
2899 0.32 (guments may compromise the key and initialization) 289.59 642 P
2900 0.76 (vector if they are speci\336ed on the command line. T) 108 628 P
2901 0.76 (o avoid this ) 358.46 628 P
2903 0.76 (bdes) 419.7 628 P
2905 0.76 ( overwrites its ar) 441.68 628 P
2906 0.76 (gu-) 524.01 628 P
2907 (ments. However) 108 614 T
2908 (, the obvious race cannot currently be avoided.) 186.12 614 T
2909 0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P
2910 (cryption can be compromised if memory is readable.) 108 582 T
2911 -0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P
2912 0.05 (nor any other warranty) 108 550 P
2913 0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P
2914 (rials or as to their suitability for any particular purpose.) 108 536 T
2915 -0.06 (Accordingly) 108 518 P
2916 -0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P
2917 -0.06 (, the author assumes) 442.93 518 P
2918 -0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P
2919 -0.25 (, or to furnish any additional) 404.69 504 P
2920 (information or documentation.) 108 490 T
2924 -0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P
2925 (College, Hanover) 108 426 T
2926 (, NH 03755) 192.12 426 T
2927 (Electronic mail addresses:) 108 408 T
2928 (Internet: Matt.Bishop@dartmouth.edu) 108 390 T
2929 (UUCP: decvax!dartvax!Matt.Bishop) 108 372 T
2933 %%BoundingBox: 0 0 612 792
2935 %%DocumentFonts: Helvetica-Bold
2936 %%+ Helvetica-BoldOblique
2939 %%+ Times-BoldItalic