From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Roman V. Shaposhnick" To: 9fans@cse.psu.edu Message-ID: <20021212055735.A2709@unicorn.math.spbu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [9fans] passtokey question Date: Thu, 12 Dec 2002 05:57:35 +0300 Topicbox-Message-UUID: 32e366f0-eacb-11e9-9e20-41e7f4b1d025 I'm quite new to the world of auth related algorithms, so my question might be a FAQish one, but nevertheless, here it is anyway. Why passtokey works the way it does. I suppose there were some security related considerations, by I can't seem to grasp, why, for example, this is being done: for(i = 0; i < DESKEYLEN; i++) key[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1))); where you kinda shuffle bytes around, but why ? Just to stuff 8 bytes from t into 7 bytes of key ? On the similar note, why did you chose to re-encode parts of t with a previous key, and not some other way of stuffing long passwords into 7bytes long DES key ? Thanks, Roman.