Rejection of Weak and Semi-Weak Keys

All HSM commands that generate keys ensure that the standard DES weak or semi-weak keys can not be used. If the new key matches one of the listed weak or semi-weak keys it is rejected and the key generation process is repeated.

DES Weak Keys

0101	0101	0101	0101
FEFE	FEFE	FEFE	FEFE

1F1F	1F1F	0E0E	0E0E
E0E0	E0E0	F1F1	F1F1

DES Semi-Weak Keys

01FE	01FE	01FE	01FE
FE01	FE01	FE01	FE01

1FE0	1FE0	0EF1	0EF1
E01F	E01F	F10E	F10E

01E0	01E0	01F1	01F1
E001	E001	F101	F101

1FFE	1FFE	0EFE	0EFE
FE1F	FE1F	FE0E	FE0E

011F	011F	010E	010E
1F01	1F01	0E01	0E01

E0FE	E0FE	F1FE	F1FE
FEE0	FEE0	FEF1	FEF1