
# Clarification of encryption keys

Would you please kindly confirm whether I have understood the following things right?

Triple DES supports 168-bit encryption with SHA-1 message authentication. Triple DES is the strongest cipher supported by SSL. Triple DES uses a key three times as long as the key for standard DES. Because the key size is so large, there are more possible keys than for any other cipher -- approximately 3.7 * 10^50.

DES uses 56-bit keys -- only 56-bit keys. One can use smaller keys (by making sure only keys up to 40 bits, for example, are generated). You cannot use keys larger than 56 bits. But, see below...

RC2 with 128-bit encryption and MD5 message authentication: Because the RC2 cipher has 128-bit encryption, it is the second strongest next to triple DES, with 168-bit encryption. RC2 128-bit encryption permits approximately 3.4 * 10^38 possible keys, making it very difficult to crack.

The larger the key space -- the set of all possible numbers from which to pick a key -- the longer a brute-force attack would take, so the better.

Provided you use, e.g., the Microsoft(r) Strong Cryptographic Provider (MSCP) and Microsoft(r) Enhanced Cryptographic Provider (MECP), what is meant by "two key" vs. "three key" in the following context:

DES -- MSCP: 56 bits; MECP: 56 bits
Triple DES (two key) -- MSCP: 112 bits; MECP: 112 bits
Triple DES (three key) -- MSCP: 168 bits; MECP: 168 bits

And, how is two key vs. three key achieved?

DES uses 56-bit keys. A method -- called "Triple DES" -- was developed to extend the life of DES. One, two or three keys are used with Triple DES.

DES is applied three times: Plaintext gets encrypted with key A, then decrypted with key B, then encrypted with key C. If you can only use 56-bit encryption (because of some law, for example) your software would generate one key and use it for key A, B and C. The most common form of 3DES uses two keys -- key A and key C are equivalent. 3DES with three keys uses three 56-bit keys, all different.

So, in order for someone to brute-force 3DES with two keys, they have a 112-bit key space to go through. See INTERNET CRYPTOGRAPHY by Rick Smith and/or APPLIED CRYPTOGRAPHY by Bruce Schneier.

I don't know Microsoft specifics. I expect the user might be able to pick the encryption algorithm used and key size. One can do that with other crypto products (PGP, for example). 128-bit AES, RC4 and IDEA, as well as 112-bit 3DES, are all considered good practice.

Remember Snyder's Razor: In the absence of other factors, always use the most secure options available.

This was last published in June 2002
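
The encrypt-decrypt-encrypt construction and the one-, two- and three-key options described in the answer above, as an added example that is not part of the original Q&A. A 16-round Feistel cipher with a hash-based round function stands in for DES (it is not DES), and the helper names and sample keys are assumptions made for illustration.

```python
import hashlib

ROUNDS = 16      # same round count as DES
KEY_BITS = 56    # size of one DES key, per the text above

def _f(half, key, rnd):
    # Stand-in round function (hash-based); real DES uses S-boxes instead.
    return hashlib.sha256(key.to_bytes(7, "big") + bytes([rnd]) + half).digest()[:4]

def _feistel(key, block, order):
    left, right = block[:4], block[4:]
    for rnd in order:
        left, right = right, bytes(x ^ y for x, y in zip(left, _f(right, key, rnd)))
    return right + left  # final swap makes decryption the same walk in reverse

def toy_encrypt(key, block):
    return _feistel(key, block, range(ROUNDS))

def toy_decrypt(key, block):
    return _feistel(key, block, reversed(range(ROUNDS)))

def expand_keys(*keys):
    """One key -> (A, A, A); two keys -> (A, B, A); three keys -> (A, B, C)."""
    if len(keys) == 1:
        return (keys[0],) * 3
    if len(keys) == 2:
        return (keys[0], keys[1], keys[0])
    if len(keys) == 3:
        return tuple(keys)
    raise ValueError("expected one, two or three keys")

def ede_encrypt(bundle, block):
    a, b, c = bundle  # encrypt with A, decrypt with B, encrypt with C
    return toy_encrypt(c, toy_decrypt(b, toy_encrypt(a, block)))

def ede_decrypt(bundle, block):
    a, b, c = bundle  # inverse of the above, applied in the opposite order
    return toy_decrypt(a, toy_encrypt(b, toy_decrypt(c, block)))

def nominal_key_bits(bundle):
    a, b, c = bundle
    if a == b or b == c:
        return KEY_BITS      # D undoes E under the same key: one cipher pass remains
    if a == c:
        return 2 * KEY_BITS  # two-key form (A, B, A)
    return 3 * KEY_BITS      # three-key form (A, B, C)

# Constructed sample values, not taken from the page.
A, B, C = 0x0123456789ABCD, 0x23456789ABCDEF, 0x456789ABCDEF01
BLOCK = b"8bytes!!"
```

Note that a bundle such as (A, A, C) counts as 56 bits here even though it holds two distinct keys, because the first two passes cancel each other.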
