From the course: CompTIA Security+ (SY0-701) Cert Prep

3DES

From the course: CompTIA Security+ (SY0-701) Cert Prep

Start my 1-month free trial

3DES

- [Instructor] When researchers discovered attacks on DES that rendered the decades-old algorithm insecure, security professionals faced a dilemma. They had tons of old equipment designed to work with DES, but they weren't able to rely on that equipment's security. While the government worked to adopt the new advanced encryption standard, which I'll cover in the next video, practical security professionals around the world discovered a workaround. By using the DES algorithm on the same text multiple times, they could achieve greater security. Specifically, three rounds of DES encryption produces much stronger security than existed with standard DES. They called this approach Triple DES, sometimes written as 3DES. Here's how Triple DES works. The person encrypting a message feeds it into the DES algorithm using the first DES key, K1. This produces cipher text encrypted with the standard data encryption standard algorithm. The center then takes this output and feeds it into the DES algorithm again, this time using key two, producing a second cipher text that is double encrypted. The center then takes this final output and feeds it into DES a third time with a third key, producing the final Triple DES encrypted message. The recipient then reverses this process, feeding the message through the decryption function in the reverse order, with key three, key two, and key one. There are three different keying options for Triple DES. In the first option, key one, key two, and key three are different from each other. This is the strongest approach and it results in encryption with an effective key strength of 112 bits. In the second option, keys one and three are the same. This requires fewer keys, but it reduces the strength of the algorithm to 80 bits. And in the final option, all three keys are the same. This emulates the standard DES algorithm, and it's just as insecure as the standard approach. It's included for backwards compatibility with DES, but it is definitely not a good option. At this point, you might be asking yourself the question, why Triple DES? Why not just use DES twice? The answer is that using the algorithm twice is subject to an attack known as a meet-in-the-middle attack that makes it no more secure than the standard DES algorithm. Recent research in cryptography discovered new flaws in Triple DES that weaken the algorithm's security. For this reason, the federal government no longer recommends the use of Triple DES and is phasing it out for government applications. Here are some of the key facts that you should know about Triple DES. Like des, it's a symmetric encryption algorithm and a block cipher that works on 64-bit blocks. When used with three keys, Triple DES has an effective key length of 112 bits, but weaknesses in the algorithm now mean that it's being phased out.

Contents