CITS3002 Computer Networks  
prev
next CITS3002 help3002 CITS3002 schedule  

Triple DES

DES is still in use today, in an extended form called triple-DES, or 3DES. Whereas the original DES used only one 56-bit key, 3DES uses up to three 56 bit keys (plus one parity byte) in order to increase the difficulty of breaking the cipher:

3DES_encrypt(key1, key2, key3, message) =

     DES_encrypt(key1, DES_decrypt(key2, DES_encrypt(key3, message))) 

The encrypt-decrypt-encrypt approach is used to make the algorithm compatible with single DES, in the special case when key1 = key2 = key3.

DES under Unix in software

A number of routines are provided which are typically used for encrypting passwords and files.

    char *crypt(char *key, char *salt);

    setkey(char *key);

    encrypt(char *buf, int edflag);

Implementations of Unix supporting remote file-systems and remote-logins often support DES encryption of transfers (such as with RPC/XDR authentication) using the user's login password as the key for the encryption.


At the Crypto'94 conference, M.Matsui presented a DES-breaking technique termed 'linear-cryptanalysis'. Using 243 known ciphertexts, he was able to determine a single DES key in 50 days on a 100MHz desktop machine.

As the cracking process is linear, comparable times on contemporary machines are measured in hours.

In 1998 EFF's (then) US$250,000 DES cracking machine contained 1,856 custom chips and could brute force all 256 DES keys in 9 days.



CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p10, 22nd May 2024.