In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.
Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:
- Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
- XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
- Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
- Encrypt the result under DES using the key 0xEF2C041CE6382FE6.
The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 2<sup>40</sup> possible keys.