Hello There!
Just a quick introduction about what is the difference between double length and triple length in 3DES algorithm.
I have created some small sample scripts written in Java to generate a 3DES key in different size of length.
1. GENERATING 3DES KEY IN TRIPLE LENGTH OF SIZE
SecretKey secret = CryptoUtils.generateKey(Algo.TDES,KeySize.TDES_TRIPLE);
int length = secret.getEncoded().length;
byte[] rawKey = secret.getEncoded();
Triple Length
Results : 8c2ccedcf7c8cd6b 43f2bf9b702c70c8 d319bc768c8315c1
Length : 24 bytes2. GENERATING 3DES KEY IN DOUBLE LENGTH OF SIZE
SecretKey secret = CryptoUtils.generateKey(Algo.TDES,KeySize.TDES_DOUBLE);
int length = secret.getEncoded().length;
byte[] rawKey = secret.getEncoded();
Double Length :
Results : cb7c6d437af898a2 913d16466b10b9b5 cb7c6d437af898a2
Length : 24 bytes The output key of 3DES of the length must be has 24 byte (192 bit) size of data. As you might see above results looks similar but actually not.
3DES algorithm key size must be defined as 112 as a double length key and 168 as a triple length key.
But why 112 bit? not 128 bit? and how come is 168 bit? not 192 bit?
I thought if 64 bit can simply divided to 8 and we got 8 byte of data. Because 1 byte should be 8 bit of data, doesn’t it? 🤔
it’s something fishy here? 🤯🤯
Here is the explanation, according to NIST document 3DES algorithm explanation is something like :
Each 64-bit key shall contain 56 bits that are randomly generated and used directly by the algorithm as key bits. The other eight bits, which are not used by the algorithm, may be used for error detection.
The eight error-detecting bits are set to make the parity of each 8-bit byte of the key odd. That is, there is an odd number of “1”s in each 8-bit byte7.
3DES key consists of three keys for the cryptographic engine (Key1, Key2 and Key3), the three keys are also referred to as a key bundle (KEY). There are also two options for the selection of the keys in a key bundle are approved.
3. THERE IS FEW OPTIONS TO USE 3DES ALGORITHM
Option 1 : The preferred option, employs three unique keys (i.e. Key1, Key2 and Key3, where Key1 ≠ Key2, Key2 ≠ Key3, and Key3 ≠ Key1)
Option 2 : Employs two unique keys and a third key that is the same as the first key (i.e. Key1, Key2 and Key3, where Key1 ≠ Key2 and Key3 = Key1)
I have highlighted the different between option 1 and option 2 which the last key has a different value.
4. DISALLOW AFTER DECEMBER 31, 2023.
Unfortunately, after time to time, as usual, i know we would facing lot of changes including algorithm itself. I know I’m writing this note is a bit outdated, but it’s better than not to write and directly share it to all readers ☺️🥰.
NIST had been disallowing 3DES two-keys and applying cryptographic protection and restricts the use of 3DES three-key. You could find it here again at page 6.
It clearly stated in the NIST publication document something like :
The Triple Data Encryption Algorithm (TDEA) (often referred to as Triple DES) is specified in SP 800-67, and has two variations, known as two-key TDEA and three-key TDEA. Three-key TDEA is the stronger of the two variations.
The latest revision of SP 800-67 disallows the use of two-key TDEA for applying cryptographic protection and restricts the use of three-key TDEA for applying cryptographic protection to no more than 220 data blocks using a single key
bundle27.
And here is the statement from NIST related to 3DES.
If you want to learn about my other note, you might visit here for code and database section, it is still related on what you wanted to learn in all about technology itself.
That’s all folks! Happy learning as always! 🥰😍
Leave a Reply