[openssl-users] 2-key vs 3-key 3DES
noloader at gmail.com
Fri Feb 12 08:11:31 UTC 2016
> I've just been reading about recommended and deprecated encryption and tripped over a nist document (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf) that distinguishes between 2key and 3key 3DES saying that the former is deprecated after 2015 but the latter is still acceptable.
2-key 3DES provides about 80 bits of security, while 3-key 3DES
provides about 112 bits.
> Is this distinguishable in openssl? I.e. if we negotiate TLS_RSA_WITH_3DES_EDE_CBC_SHA does it always use the 3-key version?
TLS cipher suites, like TLS_RSA_WITH_3DES_EDE_CBC_SHA, use the 3-key
version. Also see RFC 5246, https://tools.ietf.org/html/rfc5246, and
the discussion of "Data Encryption Standard" on page 79:
DES can also be operated in a mode [3DES] where
three independent keys and three encryptions are
used for each block of data; this uses 168 bits of key
(24 bytes in the TLS key generation method) and
provides the equivalent of 112 bits of security.
More information about the openssl-users