DES key derivation: reject weak keys #3259

gilles-peskine-arm · 2019-03-11T17:09:16Z

For DES, psa_key_derivation_output_key (formerly psa_generator_import_key()) should reject weak keys.

This is a theoretical bug since the chance of generating a weak key is 2^{-52}. It's only a problem for compliance and DES is no longer compliant in the US.

The text was updated successfully, but these errors were encountered:

ciarmcom · 2019-03-11T21:45:26Z

Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-722

tom-cosgrove-arm · 2023-02-02T13:23:38Z

Given we are going to deprecate the entire DES module relatively soon, we're not going to do this

gilles-peskine-arm transferred this issue from ARMmbed/mbed-crypto Apr 27, 2020

gilles-peskine-arm added bug component-crypto Crypto primitives and low-level interfaces mbed TLS team labels Apr 27, 2020

daverodgman removed mbed TLS team labels May 13, 2022

gilles-peskine-arm added the priority-low Low priority - this may not receive review soon label May 13, 2022

tom-cosgrove-arm added the historical-reviewing Currently reviewing (for legacy PR/issues) label Jan 27, 2023

tom-cosgrove-arm closed this as not planned Won't fix, can't repro, duplicate, stale Feb 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DES key derivation: reject weak keys #3259

DES key derivation: reject weak keys #3259

gilles-peskine-arm commented Mar 11, 2019 •

edited

Loading

ciarmcom commented Mar 11, 2019

tom-cosgrove-arm commented Feb 2, 2023

DES key derivation: reject weak keys #3259

DES key derivation: reject weak keys #3259

Comments

gilles-peskine-arm commented Mar 11, 2019 • edited Loading

ciarmcom commented Mar 11, 2019

tom-cosgrove-arm commented Feb 2, 2023

gilles-peskine-arm commented Mar 11, 2019 •

edited

Loading