Triple DES Encryption
Overview
The Data Encryption Standard (DES) was developed by an IBM team around 1974
and adopted as a national standard in 1977. Triple DES is a minor variation of
this standard. It is three times slower than regular DES but can be billions of
times more secure if used properly. Triple DES enjoys much wider use than DES
because DES is so easy to break with today's rapidly advancing technology. In
1998 the Electronic Frontier Foundation, using a specially developed computer
called the DES Cracker, managed to break DES in less than 3 days. And this was
done for under $250,000. The encryption chip that powered the DES Cracker was
capable of processing 88 billion keys per second. In addition, it has been shown
that for a cost of one million dollars a dedicated hardware device can be built
that can search all possible DES keys in about 3.5 hours. This just serves to
illustrate that any organization with moderate resources can break through DES
with very little effort these days. No sane security expert would consider using
DES to protect data.
Triple DES was the answer to many of the shortcomings of DES. Since it is
based on the DES algorithm, it is very easy to modify existing software to use
Triple DES. It also has the advantage of proven reliability and a longer key
length that eliminates many of the shortcut attacks that can be used to reduce
the amount of time it takes to break DES. However, even this more powerful
version of DES may not be strong enough to protect data for very much longer.
The DES algorithm itself has become obsolete and is in need of replacement. To
this end the National Institute of Standards and Technology (NIST) is holding a
competition to develop the Advanced Encryption Standard (AES) as a replacement
for DES. Triple DES has been endorsed by NIST as a temporary standard to be used
until the AES is finished sometime in 2001.
The AES will be at least as strong as Triple DES and probably much faster.
Many security systems will probably use both Triple DES and AES for at least the
next five years. After that, AES may supplant Triple DES as the default
algorithm on most systems if it lives up to its expectations. But Triple DES
will be kept around for compatibility reasons for many years after that. So the
useful lifetime of Triple DES is far from over, even with the AES near
completion. For the foreseeable future Triple DES is an excellent and reliable
choice for the security needs of highly sensitive information.
In Depth
Triple DES is simply another mode of DES operation. It takes three 64-bit
keys, for an overall key length of 192 bits. In Private Encryptor, you simply type in the
entire 192-bit (24 character) key rather than entering each of the three keys
individually. The Triple DES DLL then breaks the user-provided key into three
subkeys, padding the keys if necessary so they are each 64 bits long. The
procedure for encryption is exactly the same as regular DES, but it is repeated
three times. Hence the name Triple DES. The data is encrypted with the first
key, decrypted with the second key, and finally encrypted again with the third
key.
Consequently, Triple DES runs three times slower than standard DES, but is much more secure if used
properly. The procedure for decrypting something is the same as the procedure
for encryption, except it is executed in reverse. Like DES, data is encrypted
and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that one
should be aware of: if all three keys, the first and second keys, or the second
and third keys are the same, then the encryption procedure is essentially the
same as standard DES. This situation is to be avoided because it is the same as
using a really slow version of regular DES.
Note that although the input key for DES is 64 bits long, the actual key used
by DES is only 56 bits in length. The least significant (right-most) bit in each
byte is a parity bit, and should be set so that there are always an odd number
of 1s in every byte. These parity bits are ignored, so only the seven most
significant bits of each byte are used, resulting in a key length of 56 bits.
This means that the effective key strength for Triple DES is actually 168 bits
because each of the three keys contains 8 parity bits that are not used during
the encryption process.
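As an added example, not code from this page or from Private Encryptor, the following Go program shows the key handling just described: it applies the odd-parity convention to each key byte, splits a 24-byte key into K1, K2 and K3, flags the K1 == K2 and K2 == K3 cases the text says to avoid, and uses the standard library's crypto/des to confirm that EDE with K1 == K2 produces exactly the same ciphertext as single DES under K3. It assumes the caller already supplies a full 24-byte key (the DLL's padding of shorter keys is not reproduced), and the sample key and block are constructed.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"math/bits"
)

// setOddParity applies the DES key convention: the least significant bit of
// each byte is set so the byte holds an odd number of 1s. Returns a copy.
func setOddParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			b ^= 1 // flip only the parity bit; the seven key bits stay
		}
		out[i] = b
	}
	return out
}

// degenerateKey reports the cases the text warns about, K1 == K2 or K2 == K3
// (all three equal is included). Parity is normalised first: DES reads only
// the 56 key bits, so keys differing only in parity are the same key.
func degenerateKey(key []byte) bool {
	k1, k2, k3 := setOddParity(key[0:8]), setOddParity(key[8:16]), setOddParity(key[16:24])
	return bytes.Equal(k1, k2) || bytes.Equal(k2, k3)
}

// collapsesToSingleDES checks the K1 == K2 case directly: the middle decrypt
// undoes the first encrypt, so EDE must equal single DES under K3 alone.
func collapsesToSingleDES(key, block []byte) (bool, error) {
	tdes, err := des.NewTripleDESCipher(key) // 24-byte key = K1 || K2 || K3
	if err != nil {
		return false, err
	}
	single, _ := des.NewCipher(key[16:24]) // K3 only; 8 bytes, so no error
	ct3, ct1 := make([]byte, 8), make([]byte, 8)
	tdes.Encrypt(ct3, block)
	single.Encrypt(ct1, block)
	return bytes.Equal(ct3, ct1), nil
}

func main() {
	// Constructed sample key with K1 == K2, the situation the text says to avoid.
	key := setOddParity([]byte("K1K1K1K1K1K1K1K1K3K3K3K3"))
	same, _ := collapsesToSingleDES(key, []byte("8 bytes!"))
	fmt.Println("degenerate:", degenerateKey(key), "equals single DES:", same)
}
```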
Modes of Operation
Triple ECB (Electronic Code Book)
This variant of Triple DES works exactly the same way as the ECB
mode of DES. Triple ECB is the type of encryption used by Private Encryptor. This is
the most commonly used mode of operation.
Triple CBC (Cipher Block Chaining)
This method is very similar to the standard DES CBC
mode. As with Triple ECB, the effective key length is 168 bits and keys are
used in the same manner, as described above, but the chaining features of CBC
mode are also employed. The first 64-bit key acts as the Initialization Vector
to DES. Triple ECB is then executed for a single 64-bit block of plaintext. The
resulting ciphertext is then XORed with the next plaintext block to be
encrypted, and the procedure is repeated. This method adds an extra layer of
security to Triple DES and is therefore more secure than Triple ECB, although it
is not used as widely as Triple ECB.