3DES is Officially Being Retired

by Jasmine Henry (guest) on 03. August 2018

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines propose that, after a period of public consultation, 3DES is deprecated for all new applications and usage is disallowed after 2023.

Background on the 3DES Guidance

First introduced in 1998, the 3DES algorithm is still broadly adopted in finance, payment and other private industry to encrypt data in-transit and at-rest, including EMV keys for protecting credit card transactions. The proposal to formally retire the algorithm is not entirely surprising, especially considering historical movements by NIST:

In July 2017, NIST initially proposed retiring 3DES following a security analysis and practical demonstration of attacks on 3DES in several real-world protocols. In November 2017, NIST restricted usage to 220 64-bit blocks (8 MB of data) using a single key bundle, so it could no longer effectively be used for TLS, IPsec, or large file encryption.

NIST Terminology

  • Deprecated means “the use of the algorithm and key length is allowed, but the user must accept some risk.”
  • Disallowed means an “algorithm or key length is no longer allowed for the indicated use.”

The designation of a major encryption algorithm as a security risk has implications to US Federal Institutions and vendors subject to NIST guidelines. This announcement is also a reflection on best practices for institutions in the finance industry, and could impact PCI cryptography recommendations.  

What is 3DES?

The Triple Data Encryption Algorithm, alternately referred to as Triple DES (Data Encryption Standard), 3DES, TDES, Triple DEA, or TDEA, is a symmetric key-block cipher which applies the DES cipher in triplicate by encrypting with the first key (k1), decrypting with the second key (k2), and encrypting with the third key (k3). A two-key variant also exists, where k1 and k3 are the same.

Why 3DES is Likely to Be Disallowed after 2023

3DES is a ciphersuite based on the Data Encryption Standard developed by IBM in the early 1970s and adopted by NIST (with minor changes) in 1977. 3DES was introduced during a period of transition between two major algorithms. In 1997, NIST announced a formal search for candidate algorithms to replace DES. In 2001, AES was released with the intention of coexisting with 3DES until 2030, permitting a gradual transition. However, the retirement of 3DES has been likely accelerated by research which has revealed significant vulnerabilities and is, by some accounts, long overdue.

NIST first initiated discussion of deprecating 3DES following the analysis and demonstration of attacks on 3DES. The Sweet32 vulnerability was made public by researchers Karthikeyan Bhargavan and Gaëtan Leurent. This research exploited a known vulnerability to collision attacks in 3DES and other 64-bit block cipher suites which are greatest during lengthy transmissions, the exchange of content files, or transmissions vulnerable to text injection. After the exposure of this vulnerability, NIST proposed 3DES be deprecated, and soon thereafter, restricted its usage.  

Understanding the Implications of 3DES’ Deprecation

3DES is a major algorithm, and one which is deeply embedded into payment systems, standards and technology in the finance industry. The five-year timeline proposed by NIST to disallow the use of 3DES could present challenges for the industry due to non-upgradable infrastructure, billions of credit cards in circulation and potential interoperability issues.

Organizations using 3DES should be aware of how this algorithm is used within their network environment and the cloud, including its use by vendors. Working to develop an understanding of 3DES implementations can enable organizations to proactively manage 3DES risks with regards to discovered vulnerabilities within the algorithm and the sensitivity of business data.

To protect mission-critical data during the transition period to AES or another method of encryption, organizations can adopt stop-gap measures, such as changing 3DES keys more frequently.

Achieving Crypto-Agility

Organizations should be aware of the dangers created by inertia or accepting the business risks of deeply-embedded ciphersuites which are insecure. With the threat of quantum computing on the horizon, threatening to break many of today’s most popular algorithms, NIST’s recommendation is for organizations to “plan for cryptographic agility to facilitate transitions to quantum-resistant algorithms where needed in the future.“

As firms consider compliance and threats, crypto-agility can enable fast response to emerging research and recommendations by supporting the transition from one encryption standard to another at a moment’s notice. Solutions for cryptography as a service enable organizations in highly-regulated industries to protect business-critical data with globally compliant solutions for encryption.

Read White Paper


Image: "End", by courtesy of  doggo, Flickr (CC BY-ND 2.0)

Other Related Articles: # Key Management # Crypto-Agility # 3DES

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.