# Weak key

In cryptology , a weak key leads to undesirable, unexpected behavior in the encryption process . Usually there are very few weak keys among all possible keys; thus the danger from weak keys can be largely eliminated by choosing the key at random. The chance that a weak key will be used is therefore usually negligible. However, one tries to avoid weak keys completely when developing an encryption method.

## OF

DES, the long obsolete data encryption standard, is known for its weak keys . There are four weak keys . If the plain text is encrypted with the weak key - and the ciphertext is encrypted again with the same key , the plain text is created again : ${\ displaystyle K}$${\ displaystyle M}$${\ displaystyle K}$${\ displaystyle K}$${\ displaystyle M}$

${\ displaystyle E_ {K} (E_ {K} (M)) = M}$

The double encryption is therefore involved : The repeated use of the same operation leads back to the initial value. DES encryption with one of the weak keys is therefore equivalent to the (completely insecure) ROT13 method.

The four weak DES keys are, in hexadecimal notation:

• Alternating zeros and ones: 0x0101010101010101
• Alternating F and E: 0xFEFEFEFEFEFEFEFE
• 0xE0E0E0E0F1F1F1F1
• 0x1F1F1F1F0E0E0E0E

There are also six semi-weak key pairs. For these, the initial value is restored if the encryption takes place with the key , and the repeated encryption with the key : ${\ displaystyle K_ {1}}$${\ displaystyle K_ {2}}$

${\ displaystyle E_ {K_ {2}} (E_ {K_ {1}} (M)) = M}$

The key pairs and are: ${\ displaystyle K_ {1}}$${\ displaystyle K_ {2}}$

• 0x011F011F010E010E and 0x1F011F010E010E01
• 0x01E001E001F101F1 and 0xE001E001F101F101
• 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
• 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
• 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
• 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1

Since DES had very few weak keys, all of which were known, these weak keys were not a cryptological problem. The implementation of the procedure could recognize and reject a weak key, and DES had possible keys anyway . The probability of using one of the weak keys by accident was negligible. ${\ displaystyle 2 ^ {56} = 72,057,594,037,927,936}$