dontspam-tzeruch(_at_)ceddec(_dot_)com says:
Maybe I have uncovered another ambiguity
Maybe (:-)
For 3DES I have:
des_set_key((des_cblock *) key, ctx->ck.dk[0]);
des_set_key((des_cblock *) & key[8], ctx->ck.dk[1]);
des_set_key((des_cblock *) & key[16], ctx->ck.dk[2]);
Which is going 8 bytes between keys, If DES is 56 bit and not 64 bit the
extra bytes are being wasted (the DES key size is 24 - should it have been
21?).
Since parity bits are never used (some implementation enforce that
they indeed are parity, some just ignore them), indeed the "real"
key length is 21 byte, not 24... (as 24 bits or three full bytes
are unusable from the security point of view).
So I assume you would mean that it takes 16 bytes of key material.
DES/SK does not do that parity-bit business, thus every key bit is
"real". So 128-bit key gives full 16 bytes (like IDEA, only better :-).
.....[It isn't worth extending
to 128-bit, because the main idea was to preserve the "original" DES...
All the cryptanalytic tests done on DES apply fully. Once we start doin'
something to the rounds (besides increasing their number :-), many bets
are off.]
It also avoids worrying aobut the CFB length.
(:-) This is the least of my worries.
--
Regards,
Uri uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>