Subject: Re: IPsec and key length
To: Secret Asian Man <cchen@nougat.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: current-users
Date: 06/12/2000 21:38:06
> I'm confused; the documentation says that setkey will only take
> 64-bit long des-cbc keys, but DES is 56-bit; where do the other
> eight bits come from?
> 
> I'm scouring the cisco documentation too, trying to figure out where
> the other eight bits would come from.

The standard representation of DES keys uses the low-order bit of
each byte as a "parity bit"; keys are supposed to have odd parity.

Parity checking doesn't add any visible strength to the algorithm, and
sometimes causes application weaknesses, so most sane implementations
simply ignore the parity bits.

					- Bill
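
Added example, not part of the original message and not code from setkey or any IPsec implementation: a C sketch of the parity convention described above, showing that two 64-bit key strings differing only in the low-order bit of each byte carry the same 56 key bits. The function names and the sample keys are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample keys: identical except for the low-order bit of every byte. */
static const uint8_t KEY_ODD[8]  = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const uint8_t KEY_EVEN[8] = {0x00,0x22,0x44,0x66,0x88,0xAA,0xCC,0xEE};

/* 1 if the byte has an odd number of set bits. */
static int byte_is_odd(uint8_t b)
{
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* 1 if all eight bytes carry odd parity, as the standard representation expects. */
int des_check_parity(const uint8_t key[8])
{
    for (int i = 0; i < 8; i++)
        if (!byte_is_odd(key[i])) return 0;
    return 1;
}

/* Rewrite only the low-order bit of each byte so the byte has odd parity. */
void des_fix_parity(uint8_t key[8])
{
    for (int i = 0; i < 8; i++) {
        key[i] &= 0xFE;
        if (!byte_is_odd(key[i])) key[i] |= 1;
    }
}

/* Drop the parity bits: pack the top 7 bits of each byte into a 56-bit value. */
uint64_t des_effective_key(const uint8_t key[8])
{
    uint64_t k = 0;
    for (int i = 0; i < 8; i++) k = (k << 7) | (uint64_t)(key[i] >> 1);
    return k;
}

int main(void)
{
    uint8_t fixed[8];
    memcpy(fixed, KEY_EVEN, sizeof fixed);
    des_fix_parity(fixed);
    printf("parity ok: odd=%d even=%d\n", des_check_parity(KEY_ODD), des_check_parity(KEY_EVEN));
    printf("same 56-bit key: %d\n", des_effective_key(KEY_ODD) == des_effective_key(KEY_EVEN));
    printf("fixed equals odd-parity form: %d\n", memcmp(fixed, KEY_ODD, 8) == 0);
    return 0;
}
```

An implementation that ignores parity treats both sample keys as the same key; one that enforces it would reject KEY_EVEN until des_fix_parity is applied.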