CDMF

In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56-bit DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key shortening. It is one of the cryptographic algorithms supported by S-HTTP.

Algorithm
Like DES, CDMF accepts a 64-bit input key, but not all bits are used. The algorithm consists of the following steps:


 * 1) Clear bits 8, 16, 24, 32, 40, 48, 56, 64 (ignoring these bits as DES does).
 * 2) XOR the result with its encryption under DES using the key 0xC408B0540BA1E0AE.
 * 3) Clear bits 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24, 32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
 * 4) Encrypt the result under DES using the key 0xEF2C041CE6382FE6.

The resulting 64-bit data is to be used as a DES key. Due to step 3, a brute force attack needs to test only 240 possible keys.