Triple DES
DES is still in use today, in an extended form called triple-DES, or 3DES.
Whereas the original DES used only one 56-bit key,
3DES uses up to three 56 bit keys (plus one parity byte)
in order to increase the difficulty of breaking the cipher:
3DES_encrypt(key1, key2, key3, message) =
DES_encrypt(key1, DES_decrypt(key2, DES_encrypt(key3, message)))
|
The encrypt-decrypt-encrypt approach is used to make the algorithm
compatible with single DES,
in the special case when key1 = key2 = key3.
DES under Unix in software
A number of routines are provided which are typically used for encrypting
passwords and files.
char *crypt(char *key, char *salt);
setkey(char *key);
encrypt(char *buf, int edflag);
|
Implementations of Unix supporting remote file-systems and remote-logins
often support DES encryption of transfers
(such as with RPC/XDR authentication)
using the user's login password as the key for the encryption.
|
At the Crypto'94 conference, M.Matsui presented a DES-breaking technique
termed 'linear-cryptanalysis'.
Using 243 known ciphertexts,
he was able to determine a single DES key in 50 days on a 100MHz
desktop machine.
As the cracking process is linear,
comparable times on contemporary machines are measured in hours.
In 1998 EFF's (then) US$250,000 DES cracking machine contained
1,856 custom chips
and could brute force all 256 DES keys in 9 days.
|
CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p10, 22nd May 2024.
|