3 min read

3DES is Officially Being Retired

3DES is Officially Being Retired

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA) or 3DES is officially being retired. The guidelines propose that, after a period of public consultation, 3DES is deprecated for all new applications and usage is disallowed after 2023.

Background on the 3DES Guidance

The 3DES algorithm, first introduced in 1998, is still widely used in finance, payment, and other private industries to encrypt data in transit and at rest, including EMV keys for protecting credit card transactions. The proposal to formally retire the algorithm is not entirely surprising, especially given NIST's previous actions:

In July 2017, NIST initially proposed retiring 3DES following a security analysis and practical demonstration of attacks on 3DES in several real-world protocols. In November 2017, NIST restricted usage to 220 64-bit blocks (8 MB of data) using a single key bundle, so it could no longer effectively be used for TLS, IPsec, or large file encryption.

NIST Terminology

  • Deprecated means “the use of the algorithm and key length is allowed, but the user must accept some risk.”
  • Disallowed means an “algorithm or key length is no longer allowed for the indicated use.”

The classification of a major encryption algorithm as a security risk has implications for US Federal Institutions and vendors who follow NIST guidelines. This announcement is also a reflection on best practises for financial institutions, and it may have an impact on PCI cryptography recommendations.

What is 3DES?

The Triple Data Encryption Algorithm, alternately referred to as Triple DES (Data Encryption Standard), 3DES, TDES, Triple DEA, or TDEA, is a symmetric key-block cipher which applies the DES cipher in triplicate by encrypting with the first key (k1), decrypting with the second key (k2), and encrypting with the third key (k3). A two-key variant also exists, where k1 and k3 are the same.

Why 3DES is Likely to Be Disallowed after 2023

3DES is a ciphersuite based on the Data Encryption Standard developed by IBM in the early 1970s and adopted by NIST (with minor changes) in 1977. 3DES was introduced during a period of transition between two major algorithms. In 1997, NIST announced a formal search for candidate algorithms to replace DES. In 2001, AES was released with the intention of coexisting with 3DES until 2030, permitting a gradual transition. However, the retirement of 3DES has been likely accelerated by research which has revealed significant vulnerabilities and is, by some accounts, long overdue.

NIST first initiated discussion of deprecating 3DES following the analysis and demonstration of attacks on 3DES. The Sweet32 vulnerability was made public by researchers Karthikeyan Bhargavan and Gaëtan Leurent. This research exploited a known vulnerability to collision attacks in 3DES and other 64-bit block cipher suites which are greatest during lengthy transmissions, the exchange of content files, or transmissions vulnerable to text injection. After the exposure of this vulnerability, NIST proposed 3DES be deprecated, and soon thereafter, restricted its usage.  

Understanding the Implications of 3DES’ Deprecation

3DES is a significant algorithm that is deeply embedded in payment systems, standards, and technology in the finance industry. Due to non-upgradable infrastructure, billions of credit cards in circulation, and potential interoperability issues, NIST's proposed five-year timeline to prohibit the use of 3DES may present challenges for the industry.

Organizations using 3DES should be aware of how this algorithm is used within their network environment and the cloud, including its use by vendors. Working to develop an understanding of 3DES implementations can enable organizations to proactively manage 3DES risks with regards to discovered vulnerabilities within the algorithm and the sensitivity of business data.

Organizations can use stop-gap measures like changing 3DES keys more frequently to protect mission-critical data while transitioning to AES or another method of encryption.

Achieving Crypto-Agility

Organizations should be aware of the dangers created by inertia or accepting the business risks of deeply-embedded ciphersuites which are insecure. With the threat of quantum computing on the horizon, threatening to break many of today’s most popular algorithms, NIST’s recommendation is for organizations to “plan for cryptographic agility to facilitate transitions to quantum-resistant algorithms where needed in the future.“

As firms consider compliance and threats, crypto-agility can enable fast response to emerging research and recommendations by supporting the transition from one encryption standard to another at a moment’s notice. Solutions for cryptography as a service enable organizations in highly-regulated industries to protect business-critical data with globally compliant solutions for encryption.

Read White Paper


Image: "End", by courtesy of  doggo, Flickr (CC BY-ND 2.0)