
Why 3DES or Triple DES is Officially Being Retired


3DES is an encryption cipher derived from the original Data Encryption Standard (DES). First introduced in 1998, the algorithm has primarily been adopted in finance and other private industry to encrypt data at rest and data in transit. It became prominent in the late nineties but has since fallen out of favor due to the rise of more secure algorithms, such as AES-256 and XChaCha20. Although it will be deprecated in 2023, it's still implemented in some situations.

About Triple DES or 3DES

Triple DES (often referred to as the Triple Data Encryption Algorithm (TDEA)) is specified in SP 800-67 and has two variations, known as two-key TDEA and three-key TDEA. Three-key TDEA is the stronger of the two variations. Below is the status of the 3DES algorithm used for encryption and decryption:

| Algorithm | Status |
|---|---|
| Two-key TDEA Encryption | Disallowed |
| Two-key TDEA Decryption | Legacy use |
| Three-key TDEA Encryption | Deprecated through 2023; disallowed after 2023 |
| Three-key TDEA Decryption | Legacy use |

*Deprecated: you may use but must accept a specific risk

*Disallowed: algorithm or key length not suitable for use anymore

Three-key TDEA encryption and decryption

Effective as of the final publication of this revision of SP 800-131A, encryption using three-key TDEA is deprecated through December 31, 2023, using the approved encryption modes. Note that SP 800-67 specifies a restriction on protecting no more than 2^20 data blocks using the same single key bundle. Three-key TDEA may continue to be used for encryption in existing applications but shall not be used for encryption in new applications. After December 31, 2023, three-key TDEA is disallowed for encryption unless specifically allowed by other NIST guidance. Decryption using three-key TDEA is allowed for legacy use.

How is Triple DES/3DES applied?

Triple DES is a type of encryption that applies three DES instances to the same plaintext. The keys for those three instances can be chosen in several ways, including the following:

  • in the first, all three keys are different
  • in the second, two keys are the same and one is different
  • in the third, all three keys are the same.

Difference between 3DES and DES

DES is a symmetric-key algorithm that uses the same key for encryption and decryption processes. 3DES was developed as a more secure alternative because of DES’s small key length. 3DES or Triple DES was built upon DES to improve security. In 3DES, the DES algorithm is run three times with three keys; however, it is only considered secure if three separate keys are used.
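The keying options, the SP 800-131A status table and the 2^20-block limit described above can be checked mechanically when auditing stored key material. The following is an added example, not code from the original article or from NIST; the function names and the sample keys are constructed for illustration, and treating a collapsed bundle as "disallowed" is this example's own assumption.

```python
from datetime import date

MAX_BLOCKS = 2 ** 20          # SP 800-67 cap on 64-bit blocks per key bundle
SUNSET = date(2023, 12, 31)   # last day three-key encryption is "deprecated"

def _strip_parity(key: bytes) -> bytes:
    # The low bit of every DES key byte is parity, not key material.
    return bytes(b & 0xFE for b in key)

def keying_option(bundle: bytes) -> str:
    """Classify a 16- or 24-byte TDEA key bundle by its effective keys."""
    if len(bundle) == 16:                 # K1||K2 form, K3 is implied to be K1
        bundle += bundle[:8]
    if len(bundle) != 24:
        raise ValueError("expected a 16- or 24-byte key bundle")
    k1, k2, k3 = (_strip_parity(bundle[i:i + 8]) for i in (0, 8, 16))
    # TDEA is encrypt(K1) -> decrypt(K2) -> encrypt(K3); if K2 equals a
    # neighbour, that pair cancels and one DES operation remains.
    if k1 == k2 or k2 == k3:
        return "single-DES"
    return "two-key" if k1 == k3 else "three-key"

def sp800_131a_status(option: str, operation: str, on: date) -> str:
    """Status from the table above for 'encrypt' or 'decrypt' on a date."""
    if option == "single-DES":
        return "disallowed"   # assumption of this example: not TDEA at all
    if operation == "decrypt":
        return "legacy use"
    if option == "three-key" and on <= SUNSET:
        return "deprecated"
    return "disallowed"

def blocks_remaining(bytes_encrypted: int) -> int:
    """64-bit blocks still allowed under one bundle (2^20 blocks = 8 MiB)."""
    used = -(-bytes_encrypted // 8)       # ceiling division
    return max(0, MAX_BLOCKS - used)

if __name__ == "__main__":
    # Constructed sample keys, not taken from any real system.
    k1 = bytes.fromhex("0123456789abcdef")
    k2 = bytes.fromhex("23456789abcdef01")
    k3 = bytes.fromhex("456789abcdef0123")
    for name, b in [("k1|k2|k3", k1 + k2 + k3), ("k1|k2", k1 + k2),
                    ("k1|k1|k3", k1 + k1 + k3)]:
        opt = keying_option(b)
        print(name, opt, sp800_131a_status(opt, "encrypt", date(2024, 1, 1)))
```

Because parity bits are masked before comparison, a bundle whose third key differs from the first only in parity is still reported as two-key.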

Triple DES/3DES is not secure?

The Triple Data Encryption Algorithm (TDEA or 3DES) is being officially retired, according to draft guidelines published by NIST on July 19, 2018. According to the guidelines, 3DES will be deprecated for all new applications following a period of public comment, and its use will be prohibited after 2023.

DES no longer used?

The Data Encryption Standard, also known as DES, is no longer considered secure. While there are no known severe weaknesses in its internals, it is inherently flawed because its 56-bit key is too short. A German court recently declared DES to be “out-of-date and not secure enough,” and held a bank accountable for utilizing it.

AES replaced DES encryption

One of the primary objectives for the DES replacement algorithm from the National Institute of Standards and Technology (NIST) was that it be efficient in both software and hardware implementations. (Originally, DES was only practical in hardware implementations.) Performance analysis of the algorithms was carried out using Java and C reference implementations. AES was chosen in an open competition that included 15 candidates submitted by research teams from around the world, and the overall amount of resources dedicated to the process was enormous.

Finally, in October 2000, the National Institute of Standards and Technology (NIST) announced Rijndael as the proposed Advanced Encryption Standard (AES).

Differences between 3DES and AES encryption?

Both AES and 3DES, often known as triple-DES, are symmetric block ciphers. These are the current data encryption standards, though the use of 3DES has become increasingly unpopular in recent years. Both have the same goals and objectives; the comparison below shows where they differ.

| Parameters of comparison | 3DES | AES |
|---|---|---|
| Key Length | 168 bits (k1, k2, and k3), 112 bits (k1 and k2) | 128, 192, or 256 bits |
| Cipher Type | Symmetric block cipher | Symmetric block cipher |
| Block Size | 64 bits | 128 bits |
| Security | Proven inadequate | Considered secure |

Reference

nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf

About the Author

Parnashree Saha is a data protection senior consultant at Encryption Consulting LLC working with PKI, AWS cryptographic services, GCP cryptographic services, and other data protection solutions such as Vormetric, Voltage etc.
