Des/3des


Ganjica
April 17th, 2002, 08:32 PM
DES and 3DES

In a nutshell, DES (Data Encryption Standard) is an algorithm published by the National
Institute of Standards for data encryption. 3DES (triple DES) is the DES algorithm applied
three times to a data stream. The longer explanation of the standard is a bit more
complicated.

DES was developed by IBM in 1977 and was adopted by the U.S. Department of Defense. It
includes the algorithm in the FIPS (Federal Information Processing Standard) 46 publication.

DES uses a key system for encryption, and both the sender and receiver of a message
encrypted with DES must have the same private key - data in transit cannot be deciphered
without the appropriate key. Keys are chosen at random, and there are
72,000,000,000,000,000 (that's 72 quadrillion) possible keys. The algorithm involves 16
operations in which the 56-bit key is assigned to a 64-bit block of data.

DES is a symmetric block cipher encryption method. It is considered symmetric because the
same private key is used for encryption and decryption. (This is in contrast to asymmetric
encryption, which uses a private key and a readily available public key.) A "cipher" is simply a
method of encryption and decryption, and the "block" refers to the fact that blocks of data
(64-bits) are encrypted at the same time, i.e., DES does not encrypt each individual bit of
data.

DES encryption is strong enough to keep most hackers at bay, but its code is breakable.
Many have begun using 3DES as a stronger alternative. 3DES performs the DES encryption
process three times using three different keys. The security provided by 3DES is very
strong, but the technology is slower than some of the encryption standards that have
recently emerged.

In case you were wondering.

jethro
April 18th, 2002, 06:06 PM
Thanks. More greenies.

darkes
April 19th, 2002, 03:24 AM
You might be interested in this link, which has some relevant info on 3DES.
It's 3DES (http://www.cl.cam.ac.uk/~rnc1/descrack) from Cambridge university.
Perhaps 3DES is not as secure as it might seem .... :)

Jabberwocky
April 19th, 2002, 04:05 AM
nice job.

des is breakable though:
jan '97: data security inc. held the first "des challenge," first prize winner recovered the password in 96 days
jan '99: distributed.net recovered a password in less than 24

the new gov standard is called aes (advanced encryption standard), the name of the algorithm is rijndael and it was developed by a group in europe. you can read all about it at www.nist.gov/aes.

SoggyBottom
April 19th, 2002, 05:46 AM
Thanks for mentioning AES Jabberwocky.

Have a look at the AES fact sheet at:

http://csrc.nist.gov/encryption/aes/aesfact.html

From that page, something that I found interesting.
__________________________________________________________

The AES specifies three key sizes: 128, 192 and 256 bits. In decimal terms, this means that there are approximately:

3.4 x 10^38 possible 128-bit keys;
6.2 x 10^57 possible 192-bit keys; and
1.1 x 10^77 possible 256-bit keys.

In comparison, DES keys are 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more AES 128-bit keys than DES 56-bit keys.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
__________________________________________________________

Some pretty interesting stuff.....

Jabberwocky
April 19th, 2002, 09:55 PM
each time you add a single digit to the key you double the range a cracker has to search. keys are usually made out of prime numbers, or combinations of numbers that are prime to each other. not too recently someone found the largest known prime number, 2^13466917-1.

check out this very interesting site on prime numbers
http://www.utm.edu/research/primes/largest.html

ac1dsp3ctrum
April 20th, 2002, 02:36 AM
Interesting... Does anyone have any information on the encryption that distributed.net (http://www.distributed.net) is trying to crack.... The keys are as follows....

RC5
OGR
CSC
DES

smirc
April 20th, 2002, 04:44 AM
DES encryption is strong enough to keep most hackers at bay, but its code is breakable.
Many have begun using 3DES as a stronger alternative. 3DES performs the DES encryption
process three times using three different keys.

Technically this isn't accurate, at least for the C library implementation. The 3DES algorithm actually uses two keys. The data is encrypted with the first key, decrypted with the second key and encrypted with the first key again. You could quite easily tweak the code to use three separate keys though :).
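
The encrypt-decrypt-encrypt (EDE) construction described in the post above, as an added example that is not part of the original thread or of any C library's code. It assumes a toy 32-bit hash-based Feistel cipher in place of DES (so it runs on the standard library alone), and every function name is illustrative; it shows that K3 = K1 gives the two-key form, while K1 = K2 or K2 = K3 collapses to a single encryption.

```python
import hashlib

HALF, ROUNDS = 16, 8                 # toy 32-bit block; real DES: 64-bit block, 16 rounds
MASK = (1 << HALF) - 1

def _subkeys(key: bytes):
    # Stand-in key schedule (assumption, not the DES schedule): one subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def _feistel(block: int, subkeys) -> int:
    left, right = block >> HALF, block & MASK
    for sk in subkeys:
        f = int.from_bytes(hashlib.sha256(sk + right.to_bytes(2, "big")).digest()[:2], "big")
        left, right = right, left ^ f
    return (right << HALF) | left    # final half swap lets decryption reuse the same walk

def toy_encrypt(key: bytes, block: int) -> int:
    return _feistel(block, _subkeys(key))

def toy_decrypt(key: bytes, block: int) -> int:
    return _feistel(block, _subkeys(key)[::-1])   # same network, subkeys reversed

def ede_encrypt(k1, k2, k3, block):
    # Encrypt with k1, decrypt with k2, encrypt with k3 (k3 == k1 is the two-key form).
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))

def classify_bundle(k1, k2, k3) -> str:
    if k1 == k2 or k2 == k3:
        return "degenerate"          # an adjacent E/D pair cancels: one key's strength
    return "two-key" if k1 == k3 else "three-key"

if __name__ == "__main__":
    K1, K2, K3 = b"key-one", b"key-two", b"key-three"   # constructed sample keys
    pt = 0xDEADBEEF                                      # constructed sample block
    ct = ede_encrypt(K1, K2, K1, pt)
    print(hex(ct), ede_decrypt(K1, K2, K1, ct) == pt)
    print(ede_encrypt(K1, K1, K1, pt) == toy_encrypt(K1, pt))
    print(classify_bundle(K1, K2, K1), classify_bundle(K1, K1, K3))
```

The cancellation when adjacent keys match is what lets an EDE implementation interoperate with single-key peers, and it is also why a key bundle with repeated adjacent keys should be rejected at load time.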

darkes
April 20th, 2002, 05:07 AM
One other thing to note is that using the same encryption algorithm multiple times does not make the message much harder to decrypt - which is why I think 3DES is a bit suspect.
To actually break it you would need some inside help, which is what my original link indicated.
However, IBM thinks these sort of things are important, which is why it has been working with the guys who pointed out the weaknesses to try and fix the obvious loopholes.

dieterle81
April 30th, 2002, 03:51 PM
does anybody know the different usage from stream cipher and block cipher in applications?
the main point is confidentiality and when why ??


cheers,

Jabberwocky
April 30th, 2002, 04:29 PM
stream ciphers encrypt a single character at a time, and are really only used in network encryption.

block ciphers are much more complicated to recover. they take a certain number of letters (a block) and encrypt them at once. then usually they do what is called cipher block chaining, which is basically running the different blocks through the encryption process so many times depending on what block they are. des is a block cipher.

i hope that answers your question :)

bombayofpigs
April 30th, 2002, 06:00 PM
IBM's response to you two naughty boys at Cambridge:

http://www-3.ibm.com/security/cryptocards/html/ccaupdate.shtml

darkes
May 1st, 2002, 12:32 AM
IBM's response was mainly accurate, but did rather rely on the fact that the software was installed correctly, and adequate physical security was in force. They were rather misleading in stating that the implementation of 3DES on an IBM 4758 could not be broken, as all it would need was some minor inside assistance - as was proved in the 'practical results' part of the Cambridge university link.
Just a coincidence that IBM issued a fairly major software patch then :D

bombayofpigs
May 2nd, 2002, 06:07 PM
heh.

I am wary of *anyone* that says security is 100%. You can layer security to get close(er) to 100% but never there.