From BitcoinWiki
This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search

In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.


Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:

  1. Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
  2. XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
  3. Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
  4. Encrypt the result under DES using the key 0xEF2C041CE6382FE6.

The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 2<sup>40</sup> possible keys.


See Also on BitcoinWiki[edit]