DES

 * data encryption standard
 * somewhat dated ; now AES is more common
 * key : 56 bit = 14 hex values = 7 bytes
   (input key is 64 bits ; 56 are selected by algorithm)
 * brute force attack : 2**56 = 7e16 keys ; to break in 1 day need 2e9/day ... doable.
 * block size : 64 bit = 16 hex values = 8 bytes
 * NSA involved in vetting design; many thought they had a back door
 * in practice typically done in CBC (cipher block chaining) with an IV (initialization vector) and KEY

 Even when proposed, the 56 bit key was seen as too small;
 it was reduced from 128 so as to "fit on a single chip".

references :
 * http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
 * http://en.wikipedia.org/wiki/Padding_(cryptography)
 * http://en.wikipedia.org/wiki/Data_Encryption_Standard
 * http://stackoverflow.com/questions/4090098/what-would-be-openssl-enc-a-e-salt-des3-pass-passabc123-equivalent-in-n
 * http://en.wikipedia.org/wiki/Initialisation_vector
 * http://en.wikipedia.org/wiki/Salt_(cryptography)
 * http://www.openssl.org/docs/apps/enc.html
 * http://en.wikipedia.org/wiki/DES_supplementary_material

CBC

 cipher block chaining
 given plain_i where i=1,2,3,4,... a crypt function and an IV (initialization vector), and using XOR

   crypt_1 = crypt(plain_1 xor IV, KEY)
   crypt_2 = crypt(plain_2 xor crypt_1, KEY)
   ...

 decoding needs (IV, KEY)

PKCS7 padding

 (from wikipedia article)
 padding is in whole bytes. value of each byte added is number of bytes, i.e. one of

   01
   02 02
   03 03 03
   04 04 04 04

 out to whatever block boundary is needed.

MD5  : outputs 128 bit = 32 hex = 16 byte hash
SHA1 : outputs 160 bit = 50 hex = 20 byte hash

-- DES using command line openssl --

 $ openssl dgst -sha1 filename

 $ openssl version
 1.0.0g 18 Jan 2012

You can specify either a key & IV explicitly, or set a password, let it pick a salt, and it'll use those to generate the key & IV, saving the salt in the encrypted file.
1st version :

 $ openssl enc -DES -in plain.txt -out crypt1.txt \
     -K 1234567812345678 -iv abcdabcdabcdabcd

2nd version:

 $ openssl enc -DES -in plain.txt -out crypt2.txt \
     -pass pass:funkypassword -salt

 plain.txt  : 70 bytes
 crypt1.txt : 72 bytes (padded to multiple of 8)
 crypt2.txt : 88 bytes (1st 8 bytes "Salted__", 2nd 8 bytes the salt)

You can view crypt.txt with hexl-mode in emacs.

It isn't clear to me what algorithm openssl uses to generate the key and iv from the password and salt. There is a description for 3des that says (using comma for concat)

 A = MD5(psswd , salt)        16 bytes
 B = MD5(A , psswd , salt)    16 bytes
 KEY , IV = A , B             32 bytes = 24 bit key, 8 bit iv

--- AES ---

 * 128 bit blocks
 * 128, 192, or 256 bit key
 * rounds: 10, 12, or 14

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
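The password-to-key step and the file sizes from the openssl section above, as an added example that is not part of the original notes: it splits the "Salted__" header, runs the MD5 chain quoted for 3des, and applies PKCS7 padding to explain the 72 and 88 byte outputs. It assumes the same chain (OpenSSL's EVP_BytesToKey with MD5 and one iteration, the enc default in the 1.0.x series) also feeds single DES, taking 8 key bytes and 8 IV bytes; the salt and ciphertext bytes are constructed placeholders.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte marker openssl enc writes in front of the salt
BLOCK = 8             # DES / 3DES block size in bytes

def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int):
    """MD5 chain from the notes: A = MD5(pw, salt), B = MD5(A, pw, salt), ..."""
    material, prev = b"", b""
    while len(material) < key_len + iv_len:
        prev = hashlib.md5(prev + password + salt).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]

def split_salted(blob: bytes):
    """Split a file written with -pass/-salt into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header (file made with -K/-iv?)")
    body = blob[16:]
    if len(body) == 0 or len(body) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    return blob[8:16], body

def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    # n is 1..block, so already-aligned input still gains one full block
    n = block - len(data) % block
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= block or len(data) % block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS7 padding")
    return data[:-n]

if __name__ == "__main__":
    # Constructed sample: fixed salt, 72 zero bytes standing in for ciphertext.
    salt = bytes.fromhex("0102030405060708")
    blob = MAGIC + salt + bytes(72)
    s, body = split_salted(blob)
    key, iv = evp_bytes_to_key(b"funkypassword", s, 8, 8)      # DES
    key3, iv3 = evp_bytes_to_key(b"funkypassword", s, 24, 8)   # 3DES
    print("DES  key", key.hex(), "iv", iv.hex())
    print("3DES key", key3.hex(), "iv", iv3.hex())
    print(len(pkcs7_pad(bytes(70))), len(blob))  # sizes of crypt1, crypt2
```

Because each password guess costs only one or two MD5 calls, this derivation gives little protection to a weak password; later openssl releases add -pbkdf2 and -iter options to enc.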