What it says on the tin. Is it still used in things like TLS?
Asked
Active
Viewed 4.1k times
3 Answers
58
Well, yes and no.
Triple DES using 3 different keys is still considered secure because there are no known attack which completely break its security to a point where it is feasible nowadays to crack it.
The Triple DES algorithm provides around 112 bits of security against bruteforce attacks (when taking into account the meet-in-the-middle attack).
For reference, the insane computation power used to find the first SHA1 collision is estimated at a bit more than $2^{63}$ operations. So we still have a security margin of $2^{49}$, which is plenty, but still far less than other standards such as AES.
Triple DES with 3 different keys is still recommended by NIST as per their latest recommendation in NIST SP 800-57.
Triple DES is also the de facto fall-back algorithm for PGP: that is the algorithm all OpenPGP compliant software must implement and use if no other commonly supported algorithm is advertised in the public key of the recipient.
However, Triple DES has a really "small" blocksize with only 64 bits, which led to attack such as Sweet32 against TLS session which allows to break the security of the system thanks to "block collision". This attack led to the removal of Triple DES from the DEFAULT cipher list in the 1.1.0 release of OpenSSL. The attack can also be mitigated by rekeying after a given amount of encrypted data.
As a consequence of that, Triple DES was still in the TLS1.2 standard, but has not made it into the TLS1.3 one.
So in the end, Triple DES is still considered secure if you just want to encrypt something with it, but if you are running a protocol based on it, then you should be worrying about its small blocksize leading to the Sweet32 attack.
12
NIST just recently (11/27/2017) put out a bulletin that Triple-DES will be deprecated in the future, and will be disallowed in protocols like TLS and IPsec, with a future deprecation timeline to be released. NIST is urging vendors to transition TLS implementations to use AES as soon as possible. It will soon be removed from the set of FIPS approved algorithms.
https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2017-11.pdf
I would say at this point, Triple-DES is on it's way out, and will soon be considered unsafe for use.
untra
- 121
- 1
- 3
1
The quick answer: No.
It's no longer considered secure.
Here's why:
- It's vulnerable to Sweet32 Birthday attacks.
- NIST disallows usage of 3DES since 2023 (see NIST SP 800-131A Revision 2).
- Federal Office for Information Security (BSI) in Germany does not approve this cipher.
- NSA (National Security Agency) demands blocking it immediately.
- It's disabled by privacy.sexy.
U. Bulle
- 111
- 2