<Li> IDEA . IDEA's weak keys are identifiable in a chosen - plaintext attack . They make the relationship between the XOR sum of plaintext bits and ciphertext bits predictable . There is no list of these keys, but they can be identified by their "structure". </Li> <Li> Blowfish . Blowfish's weak keys produce bad S - boxes, since Blowfish's S - boxes are key - dependent . There is a chosen plaintext attack against a reduced - round variant of Blowfish that is made easier by the use of weak keys . This is not a concern for full 16 - round Blowfish . </Li> <P> The goal of having a' flat' keyspace (i.e., all keys equally strong) is always a cipher design goal . As in the case of DES, sometimes a small number of weak keys is acceptable, provided that they are all identified or identifiable . An algorithm that has unknown weak keys does not inspire much trust . </P> <P> The two main countermeasures against inadvertently using a weak key: </P>

Can you give an example of (possibly) weak keys of des