Questions tagged [3des]

3DES is an encryption algorithm that consists of three rounds of DES encryption.

13 questions
9 votes, 3 answers

Is the 3DES algorithm secure?

Can we use the 3DES algorithm for exchanging confidential information? I am using it in my project. A security code reviewer has raised a bug saying that it is not secure, but I see that it is mentioned as secured in CMMI.
Ekalavya
4 votes, 1 answer

Can a MAC be used as an irreversible PCI Token?

I'm looking at implementing a PCI token generation process based on a MAC code obtained from the PAN. This would be an irreversible token. The method I have in mind seems OK to me, but I'm not quite sure it would fly with a QSA. Some advice on the…
3 votes, 3 answers

Are encrypted databases secure against all attacks?

If I use a database encryption package for Oracle like dbms_crypto, would this be vulnerable to any attacks? I know that it uses algorithms like 3DES, AES, etc. These are all things that you can use while using this package, and there are attacks…
Brooney
3 votes, 2 answers

How to generate the most secure private key?

I need to generate the most secure private key. Usually I use a command: openssl genrsa -des3 -out mykey.key 2048 Is triple DES secure enough? Is 2048 large enough? Are there any other ways to make the private key stronger?
sluge
2 votes, 1 answer

3DES supported in application although disabled in Windows

Can users actually use the 3DES cipher to connect to a Tomcat web server, if the 3DES cipher has been disabled via registry keys in Windows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES dword…
QuantumSec
2 votes, 1 answer

Does Sweet32 work on services that do not use web sessions/cookies (such as FTP)?

Saintbot PCI/vuln scanner (via Controlscan) is flagging FTP port 21 vulnerable to Sweet32, based on the existence of a 3DES "grade C" cipher. The fix is easy -- update the available ciphers to be more secure. However Cpanel v62 has a current "issue"…
dhaupin
2 votes, 1 answer

3DES Security - safe use cases

What are safe use cases for 3DES? Is it safe to use it in situations where you are encrypting smaller amounts of data? After the recently published 'birthday attacks' on 3DES (e.g. SWEET32), I've read some people calling it broken.
Marcus
1 vote, 1 answer

How to get Future Keys (Session Key) from IPEK for decryption data?

I'm new to DUKPT, so I'm not entirely clear about DUKPT and HSM. Right now, I'm trying to decrypt data (PAN number) from a terminal. So far, when I receive the KSN and encrypted data, I understand that I need to find the encryption key. From my HSM I can get…
1 vote, 2 answers

Why does tls_version "TLS 1.2" from howsmyssl rate "Probably Okay" in Chrome on Windows 10 but "Bad" in IE11 on Windows 7?

I'm implementing an API endpoint based on howsmyssl to check the TLS version of clients then notify those clients about whether or not they passed the test. However, several clients have reported failing the test on our site but passing Salesforce's…
bw-patrick
0 votes, 0 answers

The hidden perils of trying to handle bad rare outcomes

I vaguely remember some story about some cipher (I think it was 3DES) having some "issue" where if the key happened to be especially bad (like 0x00000...) then the resulting encryption becomes trivially attacked. The pathological keys are known, but…
Phil Frost
0 votes, 0 answers

How secure is this scheme?

Introduction of the cryptosystem Let's say we have a system with a central server SRV that is considered secure (communication with this server is secured too with TLS). Then let's say we have many clients CLIENT which are supposed to be secure too…
xryl669
0 votes, 1 answer

SSH most common symmetric encryption algorithm in 2018

What is the most common symmetric encryption algorithm for encrypting data between two machines with SSH in 2018? I have attempted to find this out but I generally come across outdated blogs. I understand that it is most probably currently either…
Softey
0 votes, 1 answer

Disable 3DES (Triple DES) in thunderbird

Thunderbird still uses 3DES for SMIME encryption (bug #1167857). Since 3DES is severely "broken" and uses only 80 bits of security, I would like to tell my Thunderbird not to use that algorithm any more. I set the value for…
rubo77