From the course: CompTIA Security+ (SY0-701) Cert Prep: 1 General Security Concepts

3DES

When researchers discovered attacks on DES that rendered the decades-old algorithm insecure, security professionals faced a dilemma. They had tons of old equipment designed to work with DES, but they weren't able to rely on that equipment's security. While the government worked to adopt the new Advanced Encryption Standard, which I'll cover in the next video, practical security professionals around the world discovered a workaround. By using the DES algorithm on the same text multiple times, they could achieve greater security. Specifically, three rounds of DES encryption produce much stronger security than existed with standard DES. They called this approach Triple DES, sometimes written as 3DES.

Here's how Triple DES works. The person encrypting a message feeds it into the DES algorithm using the first DES key, K1. This produces ciphertext encrypted with the standard Data Encryption Standard algorithm. The sender then takes this output and feeds it into the DES algorithm again, this time using Key 2, producing a second ciphertext that is double encrypted. The sender then takes this output and feeds it into DES a third time with a third key, producing the final Triple DES encrypted message. The recipient then reverses this process, feeding the message through the decryption function in the reverse order with Key 3, Key 2, and Key 1.

There are three different keying options for Triple DES. In the first option, Key 1, Key 2, and Key 3 are different from each other. This is the strongest approach, and it results in encryption with an effective key strength of 112 bits. In the second option, Keys 1 and 3 are the same. This requires fewer keys, but it reduces the strength of the algorithm to 80 bits. And in the final option, all three keys are the same. This emulates the standard DES algorithm, and it's just as insecure as the standard approach. It's included for backwards compatibility with DES, but it is definitely not a good option.

At this point, you might be asking yourself the question, why Triple DES? Why not just use DES twice? The answer is that using the algorithm twice is subject to an attack known as a meet-in-the-middle attack. That makes it no more secure than the standard DES algorithm. Recent research in cryptography discovered new flaws in Triple DES that weaken the algorithm's security. For this reason, the federal government no longer recommends the use of Triple DES and is phasing it out for government applications.

Here are some of the key facts that you should know about Triple DES. Like DES, it's a symmetric encryption algorithm and a block cipher that works on 64-bit blocks. When used with three keys, Triple DES has an effective key length of 112 bits, but weaknesses in the algorithm now mean that it's being phased out.
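The "why not just use DES twice?" point above, worked as an added example that is not part of the course material: a meet-in-the-middle search against double encryption, showing that two keys cost about twice the work of one rather than the square. It assumes a constructed 16-bit toy Feistel cipher with 8-bit keys standing in for DES, and all keys, plaintexts and function names are invented for the demonstration.

```python
KEY_BITS = 8  # toy key size (assumption); real DES keys are 56 bits

def _f(half, key, rnd):
    # Feistel round function, constructed for this demo (not DES's)
    return ((half * 37 + key * 101 + rnd * 17) ^ (half >> 3)) & 0xFF

def toy_encrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def toy_decrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def double_encrypt(block, k1, k2):
    return toy_encrypt(toy_encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher calls spent in the search)."""
    (p0, c0), calls, middle = pairs[0], 0, {}
    # Encrypt the first plaintext under every K1 and index by middle value.
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(toy_encrypt(p0, k1), []).append(k1)
        calls += 1
    found = []
    # Decrypt the ciphertext under every K2; a table hit means the halves meet.
    for k2 in range(1 << KEY_BITS):
        calls += 1
        for k1 in middle.get(toy_decrypt(c0, k2), []):
            # Confirm on the remaining pairs to discard chance collisions.
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found, calls

# Constructed sample data: secret keys and three known plaintext/ciphertext pairs.
K1, K2 = 0x3A, 0xC5
PAIRS = [(p, double_encrypt(p, K1, K2)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    found, calls = meet_in_the_middle(PAIRS)
    print("recovered key pairs:", [(hex(a), hex(b)) for a, b in found])
    print("cipher calls:", calls, "vs brute force over", 1 << (2 * KEY_BITS), "key pairs")
```

The search spends 512 cipher calls against a 65,536-pair key space; the same trade of memory for time is why a second DES pass adds roughly one bit of work instead of 56.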
