Linksys BEFVP41 Key Truncation Encryption Weakening Vulnerability

The BEFVP41 is a hardware router distributed and maintained by Linksys.

By specification, Triple DES keying on the BEFVP41 supports encryption keys of up to 48 hex characters. However, when a user manually enters a generated Triple DES key longer than 23 bytes, the key is truncated to a maximum of 23 bytes.

The same problem affects the MD5 authentication key, which by specification can be up to 32 hex characters long. When this key is entered manually, it is truncated to a maximum length of 19 bytes.

The result is weakened encryption keys, which could increase the probability of a successful brute-force attack on the encryption and of data recovery.


