What are the 16 “weak keys” for DES, and how are they handled?
There are 16 weak keys defined for DES. Weak keys (K) have the property that there exists a dual key (K’) for which encryption with K is the same as decryption with K’, and vice versa (K and K’ are both weak keys). In other words encrypting a message with a weak key K produces the same output as decrypting it with K’. See section 3.6 of FIPS PUB 74 for further details. These weak keys (K and K’) are: E001E00lFl0lFl0l 01E001E00lFl0lFl FElFFElFFEOEFEOE 1FFElFFEOEFEOEFE E01FE01FF10EF10E 1FE01FEOOEF10EF1 01FE01FE01FE01FE FE01FE01FE01FE01 011F011F0l0E010E 1F011F0l0E0l0E01 E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1 0101010101010101 FEFEFEFEFEFEFEFE E0E0E0E0FlFlFlFl lFlFlFlF0E0E0E0E The keys in the last row are unique in that they are equal to their duals (i.e. K = K’ ). The result of this is that a message encrypted twice with one of these keys produces the original message! For security reasons, all of the weak keys are to be avoided. Bokler’s TDEScipher and DEScipher controls produce a fault event
