Encryption 101: Triple DES explained
Can you expand on your statement about Triple DES having an effective strength of only about 128 bits instead of the full 168 that it would seem to have? I've heard this before but never knew the reason why. Also, I understand Triple DES can be implemented as EEE, EDE, DED (where E=encrypt, D=decrypt). Is there one version that everyone has standardized on? Why was it chosen?
What we all call Triple DES is EDE (encrypt, decrypt, encrypt). The way that it works is that you take three 56-bit keys, and encrypt with K1, decrypt with K2 and encrypt with K3. There are two-key and three-key versions. Think of the two-key version as merely one where K1=K3. Note that if K1=K2=K3, then Triple DES is really Single DES.
Triple DES was created back when DES was getting a bit weaker than people were comfortable with. As a result, they wanted an easy way to get more strength. In a system dependent on DES, making a composite function out of multiple DESes is likely to be easier than bolting in a new cipher and sidesteps the political issue of arguing that the new cipher is better than DES.
This was first published in June 2004
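The EDE composition described in the answer, written out as an added example that is not part of the original response: a toy 64-bit Feistel cipher built on SHA-256 stands in for DES (it is not DES and not secure), so only the way the three keys are composed is being shown. All function names and sample values are hypothetical, and `keying_option` goes slightly beyond the text by also flagging K1=K2 and K2=K3, which collapse to a single encryption for the same reason K1=K2=K3 does.

```python
import hashlib

ROUNDS = 16  # DES also uses 16 Feistel rounds; the round function here is not DES's

def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    """Run the toy 64-bit Feistel network over one 8-byte block."""
    if len(block) != 8:
        raise ValueError("block must be 8 bytes")
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rnd in round_order:
        # Toy round function: 32 bits of SHA-256(key || round || right half).
        digest = hashlib.sha256(key + bytes([rnd]) + right.to_bytes(4, "big")).digest()
        left, right = right, left ^ int.from_bytes(digest[:4], "big")
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")  # final half swap

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(ROUNDS)))

def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """Encrypt with K1, decrypt with K2, encrypt with K3."""
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """Inverse of EDE: decrypt with K3, encrypt with K2, decrypt with K1."""
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))

def keying_option(k1: bytes, k2: bytes, k3: bytes) -> str:
    """Classify a key bundle by what the EDE composition actually delivers."""
    if k1 == k2 or k2 == k3:
        return "single"  # adjacent E and D under the same key cancel out
    return "two-key" if k1 == k3 else "three-key"

if __name__ == "__main__":
    # Constructed sample values: 7-byte (56-bit) keys and one 8-byte block.
    ka, kb, kc = b"key-AAA", b"key-BBB", b"key-CCC"
    block = b"8 bytes!"
    for bundle in [(ka, kb, kc), (ka, kb, ka), (ka, ka, ka), (ka, ka, kc)]:
        ct = ede_encrypt(*bundle, block)
        assert ede_decrypt(*bundle, ct) == block
        collapsed = ct == toy_encrypt(bundle[2], block)
        print(keying_option(*bundle), ct.hex(), "same as single encryption:", collapsed)
```

The K1=K2=K3 collapse is what lets an EDE implementation interoperate with a peer that only speaks the single cipher, and it is also why a key-loading routine should reject bundles that `keying_option` reports as "single".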