A PROJECT REPORT ON

‘PASSWORD ENCRYPTION USING

DES ALGORITHM’

BY
VINOD KUMAR (6142)
IQBALUDDIN SYED (7842)

GUIDE
DR.PING WONG

SUMMER 2004
CALIFORNIA STATE UNIVERSITY
HAYWARD
 TABLE OF CONTENTS

INTRODUCTION / PROJECT PROPOSAL--------------------------------3

DES: HISTORY & INTRODUTION------------------------------------------4

DES MODES------------------------------------------------------------------------5

SECURITY OF DES--------------------------------------------------------------7

TRIPLE-DES------------------------------------------------------------------------7

OUR DEVELOPMENT STRATEGY-----------------------------------------8

TEST LOG---------------------------------------------------------------------------9

CONCLUSION---------------------------------------------------------------------11

REFERENCES---------------------------------------------------------------------12

2
INTRODUCTION / PROJECT PROPOSAL

The goal of this project is to encrypt passwords using DES before it can be stored in the
database or file. Most of the web sites require users to register before they could use the
website. As a result, most websites store user’s password as plain text in the database or
any file. Anyone with some efforts can get to the password. This project will use file to
store username and encrypted passwords. This simple application will allow users to
register with username and password.
In this report, we will detail the history and fundamentals of the DES algorithm, discuss
the modes of operation of DES, Security of DES.We will also see how triple DES differs
from DES and we will detail our DES Implementation approach, test log/s of our
Implemetation, followed by our conclusion and references.

3
DES: HISTORY & INTRODUTION
DES originated at IBM in 1977, it was adopted by the NIST as the standard encryption
algorithm for protecting unclassified information within the United States. The DES held
up pretty well to public cryptanalytic attacks until the mid-1990s when attacks based on
differential cryptanalysis and linear cryptanalysis were identified. It is specified in the
ANSI standards. DES has enjoyed general acceptance as the standard for symmetric
encryption.
Despite its vulnerability, DES is still in use in many applications and provides reasonable
security in cases where the cost of carrying out a DES attack outweighs the value of the
information being protected. In addition, DES is being used in more sophisticated ways,
such as in the TripleDES algorithm. These protect DES from being broken using
publicly-available computing resources and cryptanalysis techniques

DES is a symmetric block cipher that transforms 64-bit data blocks using a 56-bit shared
secret key, involving 16 rounds of permutation and substitution.
The overall scheme of DES encryption is illustrated in Figure 1 given on the next page.
There are two inputs to the encryption function: the plaintext to be encrypted and the key.
In case of DES, the plaintext is 64 bits in length and key is 56 bits long.
The left hand side of the figure shows that the processing of the plaintext proceeds in
three phases. First, the 64-bit plaintext passes through an initial permutation (IP) that
rearranges the bits to produce a permuted input. This is followed by a phase consisting of
16 rounds of the same function, which involves both permutation and substitution
functions. The output of the last (16th) round consists of 64 bits that are a function of the
input plaintext and the key. The left and the right halves of the output are swapped to
produce the preoutput.Finally the preoutput is passed through a permutation (IP-1) that is
the inverse of the Initial permutation function, to produce the 64-bit cipher-text.
The right hand portion of the figure 1 shows the way in which the 56 bit key is used.
Initially the key is passed through a permutation function. Then, for each of the 16
rounds, a sub-key (Ki) is produced by the combination of a left circular shift and a
permutation. The permutation function is the same for each round, but a different sub-key
is produced because of the repeated iteration of the key bits.

4
 Figure 1

Figure 2 shows the internal structure of a single round. The left and the right halves of
each 64-bit intermediate value are treated as separate 32-bit quantities, labeled Li (left)
and Ri(right).Each round involves a complex sequence of operations involving
permutations,substitutions,and the exclusive-OR (XOR) function.

DES MODES
The DES algorithm may be used in several modes of operation depending on its
application. Four of these modes are described in FIPS 81:
Electronic Codebook (ECB) mode—Encryption is performed in 8-byte blocks with
subsequent ciphertext being independent of previous plaintext or ciphertext.
Cipher Block Chaining (CBC) mode—Encryption is performed in 8-byte blocks with
the ciphertext output of encrypting block n being combined (XORed) with the plaintext
input of block n+1.

5
 Li-1 (32 Bits) Ri-1 (32 Bits)

Expansion/Permutation

Ki
XOR

Substitution/Choice (S-Box)

Permutation (P)

XOR

Li Ri

Figure 2: Single Round of DES

Cipher Feedback (CFB) mode—Encryption is performed on a number of bits fewer
than 64 bits with the ciphertext output of previous bits being combined (XORed) with the
plaintext of new bits.
Output Feedback (OFB) mode—DES is used to create a pseudo-random bit stream that
is combined with plaintext via an XOR (exclusive OR) operation to produce a ciphertext
stream.

6
In addition to the above four modes, Two additional modes, One known as Propagating
Cipher Block Chaining (PCBC), is in popular use. PCBC differs from CBC in that both
the ciphertext output of encrypting block n and the plaintext input of block n are
combined with the plaintext input of block n+1.Other is known as counter mode which is
popular among ATM networks.

SECURITY OF DES
This secret key encryption algorithm uses a key that is 56 bits, or seven characters long.
At the time it was believed that trying out all 72,057,594,037,927,936 possible keys (a
seven with 16 zeros) would be impossible because computers could not possibly ever
become fast enough. In 1998 the Electronic Frontier Foundation (EFF) built a special-
purpose machine that could decrypt a message by trying out all possible keys in less than
three days. The machine cost less than $250,000 and searched over 88 billion keys per
second.

TRIPLE-DES
The Triple-DES variant was developed after it became clear that DES by itself was too
easy to crack. It uses three 56-bit DES keys, giving a total key length of 168 bits.
Encryption using Triple-DES is simply

encryption using DES with the first 56-bit key

decryption using DES with the second 56-bit key

encryption using DES with the third 56-bit key

Because Triple-DES applies the DES algorithm three times (hence the name), Triple-
DES takes three times as long as standard DES. Decryption using Triple-DES is the same
as the encryption, except it is executed in reverse.

7
OUR DEVELOPMENT STRATEGY:

Our development strategy for the Implementation of the DES algorithm was to generate a
code in JAVA programming language with Windows 2000 as the environment.
Our goal for this project was to implement DES and to demonstrate the functionality of
the DES algorithm.
Our DES program takes two parameters:
1. A message string composed of 8 characters (any number or alphabet) which will
be the plaintext ,and
2. A key of 64 bits long in the form of 8 numbers or characters which is converted to
56 bits internally
It produces cipher text as the output for the message string in bits. It also displays the
decrypted plain text in bits for the encrypted cipher text. The algorithm when run in
reverse can produce the original plaintext back when inputted the cipher-text and the key
used for encryption. The 16 keys generated are also shown in the output so that we know
what keys are used at each round. This (key) output can also be suppressed when needed.
To run the program we will have to load the class file in some directory on the hard disk
and then access the command prompt from the same directory where the code is loaded.
The syntax of the command is as follows:
C:\>java DES ed csuh6520 pingwong
Here ‘DES’ is the name of the class file ,’ed’ is the instruction for what needs to be done
,In this case ‘ed’ means encrypt the plaintext (p), get the ciphertext (C) and then decrypt
the ciphertext to get the original plaintext (p’) back. If we just use ‘e’ instead of ‘ed’, it
will only encrypt the plaintext (p) and give you the ciphertext (C), whereas if you use‘d’
instead of ‘ed’,it will decrypt the input (ciphertext C) and give you the plaintext (p’).
‘csuh6520’ represents the plaintext and ‘pingwong’ represents the key.
The program uses ECB (electronic codebook mode) to encrypt and decrypt which is
described earlier in the report.
Limitations: When you perform decryption only, then cipher text needs to be in multiple
of 64bits only.

8
TEST LOG

Here Name of the class (java) file is DES, ed means encrypt and decrypt

Lets say plaintext= csuh6520

And the key = pingwong

Following is the output from our program.

It displays 16 keys, plaintext in binary, ciphertext and plaintext back as per your request.

“C:\Documents and Settings\isyed>java DES ed csuh6520 pingwong

Processing...

Original plain text = csuh6520

key = 01110000 01101001 01101110 01100111 01110111 01101111 01101110

01100111

key length = 64

K+ = 00000000 11111111 11111111 00011111 11001111 11000110 01100001

k+ length = 56

key1 = 111000 001011 111001 101110 101101 110110 011100 101111 (48bits)

key2 = 111000 001011 011011 110110 001101 110101 111100 000111 (48bits)

key3 = 111101 001101 011001 110110 010111 100010 000111 110110 (48bits)

key4 = 111001 101101 001101 110010 111001 011110 100111 001101 (48bits)

key5 = 101011 101101 001101 110111 011000 101011 011011 011011 (48bits)

9
key6 = 101011 110101 001101 011011 111111 111001 010100 101111 (48bits)

key7 = 001011 110101 001111 111001 000011 100101 111111 101010 (48bits)

key8 = 100111 110101 100111 011001 010111 001111 100101 110101 (48bits)

key9 = 000111 110100 100111 011011 111011 001100 100001 111101 (48bits)

key10 = 001111 110110 100110 011101 110000 111111 111011 011010 (48bits)

key11 = 000111 110010 110110 001101 101111 011001 011100 111001 (48bits)

key12 = 010110 110010 110010 111101 100110 110101 111001 100110 (48bits)

key13 = 110111 011010 110010 101100 010111 001110 101110 110100 (48bits)

key14 = 110100 101010 111010 101110 101100 010110 110011 011101 (48bits)

key15 = 111110 001011 111000 100110 111010 111011 001010 010011 (48bits)

key16 = 111100 011011 111000 100110 101110 111010 001110 111011 (48bits)

plain text in binary= 01100011 01110011 01110101 01101000 00110110 00110101 001

0010 00110000

plain text length = 64

cipher text =
0011000000101100011011001100011101011101101100110010011011011110

Decrypted plain text = csuh6520

How to Run the program:-

$Java DES ed|e|d plaintext key

ed – this option will take plain text, generate cipher text and decrypt cipher text back to
plain text

10
e – This will just encrypt the plain text and generates cipher text.

d- This will take cipher text as input and generate the plain text

Note: This program uses ECB mode for streaming. If the message is less than 64 bits or
not multiple of 64bits, it’s padded with zero’s to make it multiple of 64bits. The padded
bits are removed at the end.

CONCLUSION

The Data Encryption Standard (DES) is one of the most popular encryption algorithm
used until recently. It does not compare to other advanced algorithms (Ex:AES) in the
context of security because of its comparatively small key length that makes DES
susceptible to cryptanalysis. Algorithms like AES are more secure than DES due to the
fact about its greater key size and difficulty in computations
In our implementation of the DES algorithm, we tried to match the maximum
requirements of DES but since this is not the perfect world, there are some limitations to
our code also like cipher text needs to be in multiple of 64bits when only decryption is
needed.
Overall DES is an algorithm which had wide acceptance in the world and was the only
encryption algorithm which was deployed on such a large scale.

11
REFERENCES

1. Cryptography and Network Security----------------------------William Stallings

2. SNMP, SNMP v2, SNMPv3 and RMON1 and 2----------------William Stallings

3. http://www.iusmentis.com/technology/encryption/des/

4. http://www.thenextwave.com/page19.html

5. References from www.whatis.com

6. www.cisco.com

7. http://security.tao.ca/crypt.shtml

8. http://www.aci.net/kalliste/des.htm

9. http://www.counterpane.com/aes-comparison.html

12