Why can I encrypt data with one DES key and successfully decrypt with another?

Question

I tried to implement DES algorithm using pyDes and Crypto.Cipher.DES modules. I found a problem that when I encrypt with 82514145 key and then decrypt the cipher with 93505044 I can retrieve the decrypted text. I found 256 keys behaving like this. This is violation of cryptography. My code is as follows:

    from Crypto.Cipher import DES
    plain_text = 'asdfghij'
    print 'plain Text: ', plain_text

    des = DES.new('82514145', DES.MODE_ECB)
    cipher_text = des.encrypt(plain_text)
    print 'the cipher text is ', cipher_text

    des = DES.new('93505044', DES.MODE_ECB)
    print 'the decrypted text is: ', des.decrypt(cipher_text)

Output is:

plain Text:  asdfghij

the cipher text is  @�Z����

the decrypted text is:  asdfghij

Is there any mistake in my work? I got same results with pyDes also.

Answer 1

DES keys are only 56 bits long, but they are expanded to 64 bits thanks to parity bits. The eighth bit of each byte should be set to ensure odd parity.

Many crypto libraries ignore parity bits, which means there are many ways to represent the same 56-bit key in a 64-bit key string. In fact, there are 2⁸ different ways, which explains why you found 256 matching keys.

Your example includes two key values that differ only in parity bits. See below - parity bits are in []:

82514145 
= 0x3832353134313435 
= 0011100[0] 0011001[0] 0011010[1] 0011000[1] 0011010[0] 0011000[1] 0011010[0] 0000000[0]

93505044 
= 0x3933353035303434 
= 0011100[1] 0011001[1] 0011010[1] 0011000[0] 0011010[1] 0011000[0] 0011010[0] 0000000[0]

Neither key is actually truly valid. The correct representation of that key is: 0x3832343134313401.

Answer 2

This is a great example of why you should never use a user provided password as a key itself in a key in a cipher. You should use a key derivation function instead.

Also, you shouldn't be using DES for purposes other than education, as it's generally regarded as being insecure. The key is considered too short nowadays, and there are some known attacks to reduce its complexity.