On 01/22/2010 06:37 AM, manish wrote:
> i wanted to know why not we use 4 DES , or 5 DES ,.....why only triple
> DES,
> is there a problem....
>

For NSS, the answer is simple:

There is no standard for 4 DES or 5 DES, only DES and 3 DES (with a special form of 3 DES that allows for a '2 DES' strength).

Why is there no standard for 4 DES and 5 DES?

Reason 1: At the time triple DES was defined, there was a need to increase the strength of the DES algorithm over the 56 bits it currently had. DES was still strong for most operations, but there was a need to have an algorithm with a strength of greater than 90 bits. In the absence of any new standards out there, IBM proposed a new form of DES: DES3 or triple DES. At the time most crypto was still done in hardware, so triple DES has this interesting feature:

Take your 3 DES key and split it into 3 single DES keys. Then take your data and encrypt it with the first DES key, decrypt the result with the second DES key, and encrypt that result with the 3rd DES key.

You now have hardware, which with a single HW engine can produce outputs for 56, 112 and 168 bit keys. For the 56 bit keys you set the same 56 bit key in all three locations. The HW will encrypt and decrypt with the same key (getting the same input), then finally encrypt with that key to get the final single DES output. 2 DES (112 bits) is handled by forming a 3 DES key with the first second first 56 bits in the 2 DES key.

NOTE: this means that 2 DES is always the same speed as 3 DES.

NOTE2: this only works if DES is not a group (otherwise there would be a single DES key that could be found that would mimic the output of a full 3DES key. It turns out DES is not a group).

168 bits were plenty, and the single algorithm was good for most key sizes.

Reason 2: Today, 168 bits is still a lot of strength. When AES came out it came out as a replacement for DES. It supports strengths of 128 (most common), 192, and 256. Anyone that needs more strength than 168 bit DES is usually better off going with AES, which is presumed stronger and is faster than 3 DES.

Reason 3: DES has a 64 bit (8 byte) block size. As computers get faster, dictionary attacks on this block size become more possible. AES doubled the block size, which is more appropriate for the corresponding larger key size.

Reason 4: Some weaknesses have been found in DES. For the most part DES has held up pretty well, but there are some attacks that knock a few bits off the strength of DES. The algorithm was designed for a 5-10 year life, and carried us 2.5 decades.

Summary: 4 and 5 DES are unlikely to give you the same security as modern algorithms for the same performance cost. Now that we have those modern algorithms, it makes little sense for someone to use something other than the modern algorithms.

bob
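The keying options described in the reply above, as an added example that is not part of the original post and is not NSS code. It applies the encrypt-decrypt-encrypt composition to a toy 64-bit Feistel cipher built from SHA-256 (a stand-in for DES, assumed here only to keep the example self-contained) and to a plain XOR cipher, which is a group. All function names, keys and the sample block are constructed for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def _f(half, key, rnd):
    # Round function of the stand-in cipher (NOT DES): SHA-256 of key, round, half.
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def toy_encrypt(key, block):
    # 4-round Feistel network on a 64-bit block (same block size as DES).
    left, right = block >> 32, block & MASK32
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 32) | right

def toy_decrypt(key, block):
    # Undo the rounds in reverse order.
    left, right = block >> 32, block & MASK32
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 32) | right

def xor_cipher(key, block):
    # A cipher that IS a group: composing two keys gives another key.
    return key ^ block

def ede_encrypt(enc, dec, k1, k2, k3, block):
    # Encrypt with k1, decrypt with k2, encrypt with k3.
    return enc(k3, dec(k2, enc(k1, block)))

def ede_decrypt(enc, dec, k1, k2, k3, block):
    # Inverse order: decrypt with k3, encrypt with k2, decrypt with k1.
    return dec(k1, enc(k2, dec(k3, block)))

# Constructed sample keys and plaintext block.
K1, K2, K3 = b"key-one!", b"key-two!", b"key-3!!!"
BLOCK = 0x0123456789ABCDEF

if __name__ == "__main__":
    toy = (toy_encrypt, toy_decrypt)
    # Same key in all three slots: the E-D pair cancels, leaving single encryption.
    print(ede_encrypt(*toy, K1, K1, K1, BLOCK) == toy_encrypt(K1, BLOCK))
    # Two-key form (first, second, first) still runs all three operations.
    ct = ede_encrypt(*toy, K1, K2, K1, BLOCK)
    print(ede_decrypt(*toy, K1, K2, K1, ct) == BLOCK)
    # Group cipher: three keys are no stronger than the single key k1 ^ k2 ^ k3.
    print(ede_encrypt(xor_cipher, xor_cipher, 5, 9, 12, BLOCK) == xor_cipher(5 ^ 9 ^ 12, BLOCK))
```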