[openssl-users] 2-key vs 3-key 3DES

Jeffrey Walton noloader at gmail.com
Fri Feb 12 08:11:31 UTC 2016

> I've just been reading about recommended and deprecated encryption and tripped over a nist document (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf) that distinguishes between 2key and 3key 3DES saying that the former is deprecated after 2015 but the latter is still acceptable.
2-key 3DES provides about 80 bits of security, while 3-key 3DES
provides about 112 bits.

> Is this distinguishable in openssl?  I.e. if we negotiate TLS_RSA_WITH_3DES_EDE_CBC_SHA does it always use the 3-key version?

TLS cipher suites, like TLS_RSA_WITH_3DES_EDE_CBC_SHA, use the 3-key
version. Also see RFC 5246, https://tools.ietf.org/html/rfc5246, and
the discussion of "Data Encryption Standard" on page 79:

      DES can also be operated in a mode [3DES] where
      three independent keys and three encryptions are
      used for each block of data; this uses 168 bits of key
      (24 bytes in the TLS key generation method) and
      provides the equivalent of 112 bits of security.


More information about the openssl-users mailing list