CDMF


In cryptography, CDMF is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.

Algorithm

Like DES, CDMF accepts a 64-bit input key, but not all bits are used.
The algorithm consists of the following steps:
  1. Clear bits 8, 16, 24, 32, 40, 48, 56, 64.
  2. XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
  3. Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
  4. Encrypt the result under DES using the key 0xEF2C041CE6382FE6.
The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 240 possible keys.