D
Doug Sauder
I know what a weak key is. However, I wonder if the team that designed the
..NET class library took into consideration the fact that DES is used for
protocols other than bulk encryption. In my case, I am using DES to create
the hashed password for NTLM authentication. Therefore, I have no control
over the choice of the DES key, and the weak key is inavoidable. (BTW, the
particular "weak key" that causes a real problem is all zero bytes.)
An easy solution to my problem would be to use the class library (or perhaps
the Win32 security services) to get the NTLM client responses. If that is
not possible, it would be nice to catch the security exception that results
from the weak key and use the weak key anyway. Is there any way to force
the DES implementation to use the weak key?
Note that I am using SMTP, IMAP4, and other email protocols. I'm not sure
if I can use AuthenticationManager and related classes, as they seem to be
design for HTTP.
..NET class library took into consideration the fact that DES is used for
protocols other than bulk encryption. In my case, I am using DES to create
the hashed password for NTLM authentication. Therefore, I have no control
over the choice of the DES key, and the weak key is inavoidable. (BTW, the
particular "weak key" that causes a real problem is all zero bytes.)
An easy solution to my problem would be to use the class library (or perhaps
the Win32 security services) to get the NTLM client responses. If that is
not possible, it would be nice to catch the security exception that results
from the weak key and use the weak key anyway. Is there any way to force
the DES implementation to use the weak key?
Note that I am using SMTP, IMAP4, and other email protocols. I'm not sure
if I can use AuthenticationManager and related classes, as they seem to be
design for HTTP.