> Out of 2^56 DES keys, there are four weak keys and 12 semi-weak keys. > The odds of getting a weak key are incredibly slight. Most people > don't bother to check, and it isn't considered a security risk.
True, weak or semi-weak keys are improbable. I was thinking more about maintaining proper key parity. Does a client of EVP need to worry about making sure that if DES is the underlying cipher, that passed keys have the proper parity? Thanks, James ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
