Weak keys are certain cryptographic keys for which the block cipher will exhibit certain regularities in encryption or result in weak encryption. DES has four weak keys k for which E_{k}(E_{k}(m)) = m. This means if you used one of these weak keys, then encrypted it again using the same key, you would have the original plaintext. There are also twelve semi-weak keys which come in pairs k_{1} and k_{2} and are such that E_{k1}(E_{k2}(m)) = m. This means that you would have a pair of keys, and after encrypting with key 1 you again encrypted with key 2. This would result in the plaintext. Since there are 2^{56} possible DES keys as it is a 56 bit cipher, the chance of picking a weak or semi-weak key at random is 2^{-52}. As long as the user-provided key is chosen entirely at random, weak keys can be effectively ignored when DES is used for encryption. However, if youâ€™re the tinfoil hat type, you can test to see if they key you are using is in fact a weak key. This is a one-time test that takes an inconsequential amount of time, so it has no impact on the overall speed of encryption.

For IDEA there is a not as severe class of keys for which analysis of the ciphertext is greatly eased and the key can possibly be recovered. However, like DES, the number of weak keys is such a small fraction of all possible keys that the chance of picking one at random is exceptionally small. They effectively pose little to no threat to the security of the cipher itself and are more proof of concept than anything else.

Of course, for other block ciphers, there might well be a large set of weak keys or a set of keys that result in such obviously weak encryption that the chances of picking a weak key are too large for comfort. In such cases, the presence of weak keys would have an obvious impact on the security of the cipher.