Decrypt DES by password

Paul Rubin http
Mon May 15 20:32:47 CEST 2006

Thomas Dybdahl Ahle <thomas at localhost.localdomain> writes:
> byte[] array2 = bytes1.CryptDeriveKey("DES", "MD5", 0, array1);
> > Anybody know how to do this in python?

I'm not aware of a standard that says how CryptDeriveKey is supposed
to work.  Or rather, there are multiple possible standard ways to do
it.  If you can find an exact specification, or C# source code that
does it, it will probably be straightforward to reimplement in Python.

If you want to just do something generic and don't need to
interoperate with a C# application that uses CryptDeriveKey, the
following should be ok:

   import hmac
   password = 'the big sekrit password goes here'

   key1 = hmac.HMAC(password, '1').digest()[:8]   # get 8 bytes

And if you need additional keys, such as for triple DES:

   key2 = hmac.HMAC(password, '2').digest()[:8]   # get 8 bytes
   key3 = hmac.HMAC(password, '3').digest()[:8]   # get 8 bytes

If you want to be fancier you could try PKCS5 KDF2:

CryptDeriveKey may in fact be doing something like this.

More information about the Python-list mailing list