Comtech EF Data CDM-570 User Manual

CDM-570/570L Satellite Modem with Optional IP Module

Revision 12

Ethernet IP Module - CLI and Telnet Operation

MN/CDM570L.IOM

14–12

A 24 Byte [192-bit] 3xDES key is actually a combination of 3 single DES keys of
8 Bytes [64-bits]. The CLI will display the Key with a space separating the Key
into 3 sections. In the screen capture above, Transmit Key 1 is displayed as:

2222222222222222 4444444444444444 6666666666666666

Consider the first section as Key1A, the second as Key1B, and the third as
Key1C.

Data is first encrypted with Key1A and then decrypted with Key1B and again
encrypted with Key1C. So if a user specifies all the three Keys the same, (like
48 ‘1's OR all the characters in DES key the same) the cumulative effect of
3xDES is just a single DES. When data is first encrypted with Key1A and
decrypted with Key1B we get back the original data and then when encrypted
with Key1C results in a total effect of single DES key.

Because of this, the user is required to enter unique 64-bit keys.
If any 2 sections of the Key match, the IP Module will respond

Invalid Key – Please Re-enter.

Also, the Least Significant bit of each byte in a 24-byte [192-bit] 3xDES key is
reserved for the DES Algorithm for parity. Entries of 1, 3, 5, 7, 9, B, D, or F will
have all the corresponding bit positions masked. So a Key entry of:

1111111133333333 5555555577777777 99999999BBBBBBBB

becomes

1010101032323232 5454545476767676 98989898BABABABA