I'm not getting the exact main point of 2-DES and 3-DES. I would like to know the difference between the two; why 3-DES is chosen over 2-DES?
Asked
Active
Viewed 4.3k times
10
-
3DES - 2DES = 1DES. So 3des runs des one time more than 2des. – Salvador Dali May 01 '14 at 22:12
2 Answers
16
Double-DES is two successive DES instances, while Triple-DES is three successive DES instances.
We use 3DES and not 2DES because 2DES does not yield the security increase that you would believe. Namely, 2DES uses 112 key bits (two 56-bit DES keys) but offers a security level of about 257, not 2112, because of a "meet-in-the middle attack" which is well explained there (not to be confused with "man-in-the-middle", a completely different concept). Similarly, 3DES uses 168 key bits, but offers "only" 2112 security (which is quite sufficient in practice). This also explains why 3DES is sometimes used with a 112-bit key (the third DES key is a copy of the first): going to 168 bits does not actually make things more secure.
This can be summarized as: we use n-DES because a simple DES is too weak (a 56-bit key can be brute-forced by a determined attacker), but in order to really improve security, we must go to n ≥ 3. Of course, every additional DES implies some computational overhead (simple DES is already quite slow in software, 3DES thrice as much).
Thomas Pornin
- 320,799
- 57
- 780
- 949
-
1The meet in the middle attack is very concisely explained here as well, with some simple pseudocode: https://lo.calho.st/security/demonstrating-the-double-des-meet-in-the-middle-attack/ – Caspar Jan 11 '18 at 19:53
3
The number in front of DES is how many times DES is run. DES simply takes input, runs it through DES once and then has the final output. DES however has some weaknesses, so 3DES was used to help counter them.
3DES runs through one instance of DES, feeds that output as input to another instance of DES and finally that output goes in to a third.
2DES would be similar, but only going through two DES algorithms.
The reason we use 3DES and not 2DES is that 2DES doesn't actually give us that much more security than DES. If we take a bunch of possible plain-texts and start trying to encode them and simultaneously take a bunch of encrypted values and start decrypting them, we only have to look for where they meet in the middle with the same value. Those intersections then reveal the key.
3DES avoids this because of the middle step. We'd need to work a third operation to tell if they met in the middle and thus we can't simply look for where the first and last operation produce the same value.
AJ Henderson
- 41,816
- 5
- 63
- 110
-
When I went to uni, triple DES was actually just two keys. The third pass was through the first key again. Am I remembering this wrong? – Synesso May 02 '14 at 00:38
-