What are safe use cases for 3DES? Is it safe to use it in situations where you are encrypting smaller amounts of data?
After the recently published 'birthday attacks' on 3DES (eg SWEET32), I've read some people calling it broken.
Asked
Active
Viewed 244 times
1 Answers
2
As stated by https://sweet32.info/, 3DES is as safe as it has always been. You just have to follow the requirements for it, i.e. not using it for more than 32 GB of data with the same key.
The proof of concept of the attack mentioned in the website needed 610 GB of recorded communications. Those communications were simulating a worst-case scenario.
In practice, as long as you use it to browse websites, you should be fine as it will be hard to communicate 32 GB of (repetitive) data to a single website. However, do not use it to secure a VPN or long-lived communications.
As a side note, 3DES is considered weak because its key is limited to 112 bits.
A. Hersean
- 10,046
- 3
- 28
- 42