Triple DES Encryption

The predecessor to Triple DES was DES, which was a fantastic answer to a problem in the 1970s; however, what the developers did not anticipate was how much the world would change in less than 30 years. They did not understand that they were on the leading edge of the IT revolution. Ultimately, advances in technology eroded the level of protection DES offered, leaving businesses in need of another solution.

The DES algorithm became obsolete after it was cracked. To fill the gap, Triple DES (written as 3DES) was developed from the original DES algorithm. The development of 3DES happened quickly because it was based on the existing DES algorithm.

Looking at the names of the two different algorithms, you might be inclined to believe that 3DES makes your encryption three times more difficult to break. 3DES actually makes your encryption five billion, trillion, trillion times harder to break, that is, 5 × 10^33.

The 3DES algorithm uses three separate keys when running its encryption algorithm and associated computations. Through the use of three 64-bit keys, the key length has effectively been increased from 8 to 24 characters, thereby resulting in 192 bits worth of encryption strength. Mathematically, this means that the number of possible key combinations can be expressed as

2^168 = 3.7 × 10^50 (370 trillion trillion trillion trillion) different combinations

Earlier in this chapter, I mentioned what would happen if you could crack keys at the rate of 1 million per minute. I have no idea how long it would take using 3DES, but I will be long gone from this earth by the time you finish. This is why 3DES is considered strong. You can read more about cracking 3DES in financial ATM applications in the article, “Extracting a 3DES Key from an IBM 4758,” which you can find online at http://public.planetmirror.com/pub/descrack/.

Encryption Strength

3DES is an extension of DES that takes three keys and encrypts the data, as shown in Figure 6-1.

Figure 6-1 Triple DES Encryption Steps


The overall procedure to encrypt data is the same in 3DES and DES; however, in 3DES, the encryption process is repeated three times. The plain text data, such as an MS Word document, is encrypted with the first key. The result is then encrypted with the second key, and that result is then encrypted with the third key—hence the name 3DES.


Note

DES, the block cipher from which 3DES is derived, is now considered to be insecure for many applications. This is primarily because the key size is inadequate; it is only a 65-bit key size. Furthermore, DES has been withdrawn as a standard by NIST, the National Institute of Standards and Technology.


Limitations of 3DES

Having to encrypt every piece of plain text data three times means that 3DES runs slower than normal DES. If used properly with three different keys, 3DES is several orders of magnitude stronger than DES.

You want to avoid having the same key for each of the three encryption steps. If any of the keys are the same, the end result is that you are using a slower version of DES. As discussed in this section, 3DES is a stronger method of encryption than DES and is used today in many places.
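A key-bundle check for the advice above, as an added example that is not from the book. It assumes the standard encrypt-decrypt-encrypt (EDE) ordering of 3DES, under which an equal adjacent pair of keys cancels out, and that the low bit of each key byte is a parity bit DES ignores; all function names and sample keys are constructed for illustration.

```python
import secrets

SUBKEY_LEN = 8  # each DES key is 64 bits on the wire, 56 of them key material

def strip_parity(subkey: bytes) -> bytes:
    """Clear the low bit of every byte; DES treats it as parity, not key."""
    return bytes(b & 0xFE for b in subkey)

def split_bundle(bundle: bytes) -> tuple:
    """Split a 24-byte 3DES bundle into K1, K2, K3 with parity bits cleared."""
    if len(bundle) != 3 * SUBKEY_LEN:
        raise ValueError("3DES bundle must be 24 bytes (three 64-bit keys)")
    return tuple(strip_parity(bundle[i:i + SUBKEY_LEN])
                 for i in range(0, 3 * SUBKEY_LEN, SUBKEY_LEN))

def classify_bundle(bundle: bytes) -> tuple:
    """Return (label, key_bits) describing how many independent keys exist."""
    k1, k2, k3 = split_bundle(bundle)
    if k1 == k2 or k2 == k3:
        # Assumed EDE order: E_k3(D_k2(E_k1(P))). An equal adjacent pair
        # cancels, leaving one DES operation at three times the cost.
        return ("single-DES", 56)
    if k1 == k3:
        # Two independent keys: the two-key variant of 3DES.
        return ("two-key", 112)
    return ("three-key", 168)

def generate_bundle() -> bytes:
    """Draw random bundles until all three keys are independent."""
    while True:
        bundle = secrets.token_bytes(3 * SUBKEY_LEN)
        if classify_bundle(bundle)[0] == "three-key":
            return bundle

if __name__ == "__main__":
    # Constructed sample keys, not real key material.
    a = bytes.fromhex("0123456789abcdef")
    a_parity = bytes.fromhex("0022446688aaccee")  # same DES key as a
    b = bytes.fromhex("133457799bbcdff1")
    c = bytes.fromhex("fedcba9876543210")
    for name, bundle in [("a|a|a", a + a + a), ("a|a'|c", a + a_parity + c),
                         ("a|b|a", a + b + a), ("a|b|c", a + b + c)]:
        print(name, classify_bundle(bundle))
```

The second sample bundle shows why the comparison must ignore parity bits: its first two keys differ byte for byte yet are the same DES key.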
