All examples seem to be with 128 bits. Can it be 192 bits?

Fayez

1 Answer

Maybe sort of.

The DUKPT algorithm is defined to use "two-key triple-DES", or formally TDEA Keying Option 2 from SP800-57 or originally FIPS46-3. Every key in this algorithm (BDK, device initialization key(s), future keys, and working key(s)) is a "double-length key" consisting of two classic-DES (DEA) keys, each 56 real key bits plus 8 bits reserved for parity and today often ignored, stored and transmitted and used as 64 bits, totalling 128 bits.

Some implementations of triple-DES aka TDEA aka DESede (possibly including yours) require you always represent the key in full-length 192-bit or 24-octet form. Given a double-length key, you create a triple-length key by duplicating the first half, i.e. if the double-length key is (k1) (k2) then the triple-length key is (k1) (k2) (k1). The result occupies 192 bits but only contains 112 bits of "real cryptographic keyosity".

dave_thompson_085
  • Keep in mind that 3DES is vulnerable to a meet-in-the-middle attack, which reduces the time complexity of 112-bit 3DES-EDE key option 2 to 2^57 operations with a storage requirement of 2^56 64-bit blocks (512 petabytes). This is considered feasible, since a large number of organisations have SANs and other storage clusters of or exceeding this size. The same attack also applies to 3DES-EDE with a 168-bit key (i.e. three independent 56-bit keys) with a time complexity of 2^112 and the same 512PB storage cost. – Polynomial Jun 05 '15 at 12:07
  • Yup, 2 key 3DES should not be used anymore according to NIST. 3 key 3DES is still acceptable but if anywhere possible: use AES. There are plenty of other issues with 3DES such as the block size. – Maarten Bodewes Jun 05 '15 at 22:35
  • @Polynomial complain to X9. But note that DUKPT was designed 30 years ago, uses a different key for every (data) encryption hence the name Derived Unique Key Per Transaction, and is supposed to be (and AFAICT is) used only for payment cards which Krebs reports are worth on rough average about USD 10. – dave_thompson_085 Jun 06 '15 at 17:49
  • My apologies in advance as I'm probably breaking some stackexchange rule here, but getting a little desperate. @dave_thompson_085 and other DUKPT experts out there, I have 2 more DUKPT related questions posted over 3 days ago, but no response. You can find those questions at http://security.stackexchange.com/questions/92815/understanding-key-serial-numbers-ksn-in-derived-unique-key-per-transaction-du and http://security.stackexchange.com/questions/92819/sharing-derived-unique-key-per-transaction-dukpt-base-derivation-key-bdk-wit. – Fayez Jul 04 '15 at 18:47
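
The key expansion described in the answer, as an added example (not code from the answer or from any DUKPT library): Python helpers that turn a double-length key (k1) (k2) into the 24-octet form (k1) (k2) (k1) and report how many independent key bits a 24-octet TDEA key holds, comparing subkeys with the parity bits ignored. The function names and the sample key are constructed for illustration.

```python
def _strip_parity(key: bytes) -> bytes:
    """Clear the low (parity) bit of each octet, leaving 56 real bits per DES key."""
    return bytes(b & 0xFE for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Set each octet's low bit so the octet has an odd number of 1 bits."""
    return bytes((b & 0xFE) | (1 - bin(b & 0xFE).count("1") % 2) for b in key)


def expand_double_length(key16: bytes) -> bytes:
    """(k1)(k2), 16 octets -> (k1)(k2)(k1), 24 octets, for APIs that want 192 bits."""
    if len(key16) != 16:
        raise ValueError("expected a 16-octet double-length key")
    k1, k2 = key16[:8], key16[8:]
    if _strip_parity(k1) == _strip_parity(k2):
        # Encrypt-decrypt-encrypt with k1 == k2 cancels down to one DES operation.
        raise ValueError("k1 equals k2: the key degenerates to single DES")
    return k1 + k2 + k1


def real_key_bits(key24: bytes) -> int:
    """Independent key bits in a 24-octet TDEA key (key material, not attack cost)."""
    if len(key24) != 24:
        raise ValueError("expected a 24-octet triple-length key")
    k1, k2, k3 = (_strip_parity(key24[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        return 56    # two adjacent stages cancel, leaving single DES
    if k1 == k3:
        return 112   # two-key TDEA, the form DUKPT keys take after expansion
    return 168       # three independent DES keys


if __name__ == "__main__":
    # Constructed sample key for illustration only, not a production BDK.
    sample = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
    expanded = expand_double_length(set_odd_parity(sample))
    print(expanded.hex().upper(), len(expanded) * 8, "bits stored,",
          real_key_bits(expanded), "real key bits")
```
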