Showing posts from May, 2017

3 key 3DES, 2 key 3DES and effective security

There was a recent discussion around effective security and effective key length of 3DES algo. Basically the 3 DES is 3 times DES. There would be 3 keys (K1, K2, K3 ) involved in the operation. The size of a key in DES is 64 bit, but due to padding the actual keys being used for the encryption are 56 bits of the length. So, in 3DES the the total key size would be 168 bits.
Now there are 3 options in 3DES:
Option 1, where K1, K2, and K3  are independent, the length would be 168 bits.
Option 2, where 2 keys are similar , eg, K1=K3, still the actual length is 168 bits but the 'effective' length would be 112 bits. (also called 2-key 3DES)
Option 3, the least secure where all three keys are same, ie, K1=K2=K3, still the actual length is 168 bits, the 'effective' key length would be 56 bits.

Now due to a know attack on 3DES, Meet-In-the-Middle (MeetITM), the 'effective' security of the above options are reduced as following:

Option 1: 112 bits
Option 2: 80 bits