[Cryptography] 3DES security?

Ray Dillinger bear at sonic.net
Thu Aug 27 22:45:48 EDT 2015



On 08/26/2015 05:07 PM, Henry Baker wrote:
> What's the current best estimate for the (in)security of 3DES, in bits ?
> 

3DES (with 168-bit keys) is considered to be 112 bit secure.

Per Wikipedia, the best known attack requires 2^32 known-
plaintext messages, 2^113 steps, 2^90 single-DES encryptions,
and 2^88 memory.  That's well out of reach, I think.

AES is very much more secure in raw numbers, but in practical
terms both AES and 3DES are in the "The Sun Won't Last That
Long" category, so it doesn't matter very much.  It can be
trusted to the extent that you trust your implementation of
it, your protocols using it, your key handling, your users,
etc.  The weak point in any system using either of the two
will not be the cipher.

The advantage of AES is bigger blocks and lower resource usage.

				Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150827/0e71e665/attachment.sig>


More information about the cryptography mailing list