In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.

Algorithm

Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:

  1. Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
  2. XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
  3. Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
  4. Encrypt the result under DES using the key 0xEF2C041CE6382FE6.

The resulting 64-bit data is to be used as a DES key. Because step 3 leaves only 40 variable bits, a brute force attack needs to test only 2^40 possible keys.
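The four steps above, as an added example in Go that is not taken from the page or from IBM's implementation: it uses Go's standard crypto/des, and the step1Mask/step3Mask byte masks are this example's encoding of the bit lists under DES numbering (bit 1 is the most significant bit of the first byte), which is an assumption made here.

```go
package main

import (
	"crypto/des"
	"fmt"
	"math/bits"
)
// Bit 1 is the MSB of byte 0 (DES numbering). step1Mask clears parity bits 8, 16, ..., 64;
// step3Mask also clears bits 1-4, 17-20, 33-36 and 49-52, so only 40 bits survive it.
var (
	cdmfKey1  = []byte{0xC4, 0x08, 0xB0, 0x54, 0x0B, 0xA1, 0xE0, 0xAE} // fixed key, step 2
	cdmfKey2  = []byte{0xEF, 0x2C, 0x04, 0x1C, 0xE6, 0x38, 0x2F, 0xE6} // fixed key, step 4
	step1Mask = [8]byte{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}
	step3Mask = [8]byte{0x0E, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}
)
// desEncryptBlock encrypts one 8-byte block with single DES.
func desEncryptBlock(key, block []byte) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err) // unreachable: both fixed CDMF keys are 8 bytes long
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}
// ShortenKey applies the four CDMF steps and returns the 64-bit DES key to use.
func ShortenKey(key []byte) ([]byte, error) {
	if len(key) != 8 {
		return nil, fmt.Errorf("cdmf: key must be 8 bytes, got %d", len(key))
	}
	k := make([]byte, 8)
	for i := range k { // step 1: drop the parity bits
		k[i] = key[i] & step1Mask[i]
	}
	enc := desEncryptBlock(cdmfKey1, k) // step 2: DES under fixed key 1 ...
	for i := range k { // ... XORed into k; step 3: clear 24 more bits
		k[i] = (k[i] ^ enc[i]) & step3Mask[i]
	}
	return desEncryptBlock(cdmfKey2, k), nil // step 4: DES under fixed key 2
}
// EffectiveBits counts the bits surviving step 3: at most 2^40 distinct derived keys.
func EffectiveBits() (n int) {
	for _, m := range step3Mask {
		n += bits.OnesCount8(m)
	}
	return n
}
func main() {
	short, _ := ShortenKey([]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}) // constructed
	fmt.Printf("derived DES key %x, %d effective bits\n", short, EffectiveBits())
}
```

Note that all 56 non-parity input bits still influence the output through step 2; the weakening comes from the output being a function of only the 40 bits that survive step 3.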
