Why Migrating to Triple DES is Not Easy
We say that DES has strength $2^{56}$, meaning that the most efficient way to attack DES in practice¹ is to search its key space of size $2^{56}$. That is, to attack DES in practice one has to try each possible key until the correct encryption key is identified; this takes on average $2^{56}/2 = 2^{55}$ steps.

Triple-DES, denoted 3DES from here on, uses 2 keys, chosen independently at random, to DES-encrypt a message multiple times. There are also ways to use 3DES with 3 different keys, but these schemes do not give a significant amount of extra security in theory and are not considered in financial systems. The most common technique is to encrypt the initial plaintext message with one key, decrypt the result with a second key, and finally encrypt this last result with the first key again. This is known as E-D-E double-length-key 3DES encryption and is illustrated in the following figure.
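
The E-D-E double-length-key construction described above, as an added example (not code from the original paper). It assumes a small hash-based Feistel cipher as a stand-in for DES so that it runs with the standard library alone; the function names, keys and block are constructed for illustration. It also shows the degenerate K1 = K2 case, which the text does not discuss.

```python
import hashlib

def _round(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher (assumption: NOT the real DES f-function).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # 64-bit Feistel network; running the rounds in reverse order inverts it.
    if len(block) != 8:
        raise ValueError("block must be 64 bits, as in DES")
    left, right = block[:4], block[4:]
    for rnd in rounds:
        mixed = bytes(a ^ b for a, b in zip(left, _round(right, key, rnd)))
        left, right = right, mixed
    return right + left

def enc(key: bytes, block: bytes) -> bytes:
    """Single encryption E_K (stand-in for DES encryption)."""
    return _feistel(key, block, range(8))

def dec(key: bytes, block: bytes) -> bytes:
    """Single decryption D_K (stand-in for DES decryption)."""
    return _feistel(key, block, reversed(range(8)))

def ede2_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """Double-length-key E-D-E: C = E_K1(D_K2(E_K1(P)))."""
    return enc(k1, dec(k2, enc(k1, block)))

def ede2_decrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """Inverse of E-D-E, stages undone in reverse: P = D_K1(E_K2(D_K1(C)))."""
    return dec(k1, enc(k2, dec(k1, block)))

if __name__ == "__main__":
    # Constructed sample values: two 56-bit keys and one 64-bit block.
    k1, k2 = bytes.fromhex("0123456789abcd"), bytes.fromhex("fedcba98765432")
    plain = b"PINBLOCK"
    cipher = ede2_encrypt(k1, k2, plain)
    print("E-D-E ciphertext:", cipher.hex())
    print("round trip ok:   ", ede2_decrypt(k1, k2, cipher) == plain)
    # With K1 == K2 the inner D undoes the first E, leaving one single encryption.
    print("K1 == K2 is single encryption:", ede2_encrypt(k1, k1, plain) == enc(k1, plain))
```

Swapping `enc` and `dec` for real DES primitives leaves the two `ede2_*` functions unchanged, since the construction only composes single-key operations.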
¹ Other attacks exist in theory, but they demand an unreasonable amount of known or chosen plaintext-ciphertext pairs, which renders the attacks impractical.
© Copyright Okiok Data 2002