[Polizeiposaune]

The key sizing seems very odd - 4 bytes for DES? Even in the bad old days of 40-bit export crypto you'd get at least 5 bytes. For full-strength single-DES I'd expect either 7 or 8 bytes (56 bits of key used by the algorithm, but there's an quirk around key parity that means keys are commonly represented in 8 bytes).

And a 27-byte key for AES-256 is also slightly undersized. Far from catastrophic but, like brown M&M's in the green room of a Van Halen concert venue, it's a strong signal that something is off...

[userbinator]

To me, it's a sign of crypto being used to tick off a box (and perhaps not arouse concerns around export), and not anything resembling a serious security system. "Locks are for keeping honest people honest," as the saying goes.

[canucker2016]

It's even worse than the key derivation. from the poster's Github repo, https://github.com/jtsylve/spice-crypt/blob/v2.0.1/SPECIFICA...:

  Modes 0–2 use a custom DES variant that retains the standard 16-round Feistel network structure but differs from FIPS 46-3 in its permutation tables, S-boxes, and key rotation direction.

Why would you need a custom DES variant? Did Cadence have a cryptographer on staff? Or did they license this DES-variant? Or was a three-letter US government agency involved?

Looks like the DES-related modes were developed back before crypto code export restrictions were relaxed.

[CodesInChaos]

I think they concatenate a 4-byte key and a 4 byte versions string to get the full 8-byte DES key.

And the idea for the AES key seems to have been: 27-byte key, 4-byte version, 1 byte null terminator for a total of 32 bytes.