passlib.utils.des - DES routines

Warning

NIST has declared DES to be “inadequate” for cryptographic purposes. These routines, and the password hashes based on them, should not be used in new applications.

This module contains routines for encrypting blocks of data using the DES algorithm. Note that these functions do not support multi-block operation or decryption, since they are designed primarily for use in password hash algorithms (such as des_crypt and bsdi_crypt).

passlib.utils.des.expand_des_key(key)

convert DES from 7 bytes to 8 bytes (by inserting empty parity bits)

passlib.utils.des.des_encrypt_block(key, input, salt=0, rounds=1)

encrypt single block of data using DES, operates on 8-byte strings.

Parameters:
  • key – DES key as 7 byte string, or 8 byte string with parity bits (parity bit values are ignored).
  • input – plaintext block to encrypt, as 8 byte string.
  • salt – Optional 24-bit integer used to mutate the base DES algorithm in a manner specific to des_crypt and its variants. The default value 0 provides the normal (unsalted) DES behavior. The salt functions as follows: if the i‘th bit of salt is set, bits i and i+24 are swapped in the DES E-box output.
  • rounds – Optional number of rounds of to apply the DES key schedule. the default (rounds=1) provides the normal DES behavior, but des_crypt and its variants use alternate rounds values.
Raises:
  • TypeError – if any of the provided args are of the wrong type.
  • ValueError – if any of the input blocks are the wrong size, or the salt/rounds values are out of range.
Returns:

resulting 8-byte ciphertext block.

passlib.utils.des.des_encrypt_int_block(key, input, salt=0, rounds=1)

encrypt single block of data using DES, operates on 64-bit integers.

this function is essentially the same as des_encrypt_block(), except that it operates on integers, and will NOT automatically expand 56-bit keys if provided (since there’s no way to detect them).

Parameters:
  • key – DES key as 64-bit integer (the parity bits are ignored).
  • input – input block as 64-bit integer
  • salt – optional 24-bit integer used to mutate the base DES algorithm. defaults to 0 (no mutation applied).
  • rounds – optional number of rounds of to apply the DES key schedule. defaults to 1.
Raises:
  • TypeError – if any of the provided args are of the wrong type.
  • ValueError – if any of the input blocks are the wrong size, or the salt/rounds values are out of range.
Returns:

resulting ciphertext as 64-bit integer.