2

I'm using the DUKPT algorithm to generate keys for the DES encryption algorithm. The C# implementation of DES throws an exception when you attempt to use a weak key.

Is it possible for the DUKPT algorithm to generate weak keys, or does it avoid them? What can I do if it does generate a weak key?

Roger Lipscombe
MjeOsX

1 Answer

4

Possible, but very unlikely. The DUKPT algorithm gives a unique key for every transaction, and all bits at any time can be set or not, therefore it is possible for it to generate a "weak" key of all 0s. Depending on the size of your key, it becomes much less likely to happen, of course, and you want to be careful about arbitrarily throwing out "weak" keys, as that weakens the other keys as well.

An all-zero key happens 1 time out of 2^(N), where N is the number of bits in your key, so for your 64-bit key: 1/(2^64)... needless to say, not very often. Since the DUKPT generates a unique key per transaction, you should be fine using it without checking for that case in DES since you'll presumably be doing all 16 rounds anyways.

NominSim
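An added example, not part of the original answer and not .NET's own code: DES has four weak and twelve semi-weak keys, defined by the two 28-bit halves that the PC-1 permutation extracts from the key, so the parity bit of each byte plays no part. The code below classifies an 8-byte key (for instance one derived DUKPT key) on that structural basis and cross-checks itself against the published key lists; the function names and sample keys are constructed here.

```python
# PC-1 (FIPS 46-3): the key bits (1 = MSB of byte 0) that feed the halves C0 and D0.
# Bits 8, 16, ..., 64 are parity bits and never appear here.
PC1_C = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
         10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36]
PC1_D = [63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
         14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
CONSTANT = {"0" * 28, "1" * 28}
ALTERNATING = {"01" * 14, "10" * 14}

# Published weak / semi-weak keys (odd-parity form), used only to cross-check.
WEAK = ["0101010101010101", "FEFEFEFEFEFEFEFE",
        "1F1F1F1F0E0E0E0E", "E0E0E0E0F1F1F1F1"]
SEMI_WEAK = ["01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1",
             "E01FE01FF10EF10E", "01E001E001F101F1", "E001E001F101F101",
             "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E", "011F011F010E010E",
             "1F011F010E010E01", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1"]


def _half(key: bytes, table) -> str:
    """Select the key bits named in `table` and return them as a bit string."""
    bits = "".join(f"{b:08b}" for b in key)
    return "".join(bits[i - 1] for i in table)


def classify_des_key(key: bytes) -> str:
    """Return 'weak', 'semi-weak' or 'ok' for an 8-byte DES key."""
    if len(key) != 8:
        raise ValueError("a single DES key is 8 bytes")
    c, d = _half(key, PC1_C), _half(key, PC1_D)
    if c in CONSTANT and d in CONSTANT:
        return "weak"        # every round subkey is identical
    if c in CONSTANT | ALTERNATING and d in CONSTANT | ALTERNATING:
        return "semi-weak"   # only two distinct round subkeys
    return "ok"


def cross_check() -> bool:
    """True if the structural test agrees with the published key lists."""
    return (all(classify_des_key(bytes.fromhex(k)) == "weak" for k in WEAK) and
            all(classify_des_key(bytes.fromhex(k)) == "semi-weak" for k in SEMI_WEAK))


if __name__ == "__main__":
    print(cross_check())
    # Constructed sample keys: all-zero (parity bits unset) and an ordinary key.
    for sample in ("0000000000000000", "0123456789ABCDEF"):
        print(sample, classify_des_key(bytes.fromhex(sample)))
```

Because only 56 of the 64 bits are inspected, each listed key stands for 2^8 byte patterns that differ only in parity, and all of them classify the same way.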