Cryptography Reference
In-Depth Information
built a piece of hardware called
Deep Crack
in order to search for a DES key.
The machine cost $80,000 to design and $130,000 to manufacture. It processed
just under 10
11
keys per second, making it ten times slower than our theoretical
machine. The design details were fully published, but the actual machine was
not made available for public use. It did succeed, however, in convincing most
people that DES was no longer secure enough for most applications.
2007
: An indication of how insecure DES is for modern use comes from the ability
to build powerful DES crackers at very little cost. The significance of dedicated
hardware that became available was not so much the speed but the much
reduced cost. For example, in 2007, the hardware device COPACOBANA was
made available for a cost less than $10,000 and could search for a DES key in
less than one week.
It is now well understood that anyone determined enough can exhaustively
search for a DES key. AlthoughDES is still used in a number of legacy applications,
we can expect its use to decline steadily over time. Note that there is nothing wrong
with using DES for applications with very short cover times, since the algorithm
itself has not been attacked by anything other than theoretical (academic) attacks.
In most modern applications, however, DES has largely been replaced by the likes
of Triple DES and AES.
4.4.4
Triple DES
The progress on exhaustive key searches against DES in the 1990s began to
cause disquiet amongst mainstream users of DES, such as those in the financial
sector, especially as it takes an enormous amount of time and money to change
encryption algorithms that are widely adopted and embedded in large security
architectures.
The pragmatic response was not to abandon the use of DES completely, but
to change the way in which DES is used. This resulted in Triple DES (sometimes
known as 3DES). Confusingly, there are two variants of Triple DES known as
3-key Triple DES
(3TDES) and
2-key Triple DES
(2TDES). We will describe these
separately.
3-KEY TRIPLE DES
The variant of Triple DES known as 3TDES is depicted in Figure 4.5.
Before using 3TDES we first generate and distribute a 3TDES key
K
, which
consists of three different DES keys
K
1
,
K
2
and
K
3
. This means that the actual
3TDES key has length 3
×
56
=
168 bits. To encrypt a 64-bit plaintext using
3TDES:
1. first encrypt the plaintext using single DES with key
K
1
;
2. now
decrypt
the result of step 1 using single DES with key
K
2
;
3. finally, encrypt the result of step 2 using single DES with key
K
3
; the result of
this encryption is the ciphertext.
