
# Clarification of encryption keys

Would you please kindly confirm whether I have understood the following things right?

Triple DES supports 168-bit encryption with SHA-1 message authentication. Triple DES is the strongest cipher supported by SSL. Triple DES uses a key three times as long as the key for standard DES. Because the key size is so large, there are more possible keys than for any other cipher -- approximately 3.7 * 10^50.

DES uses 56-bit keys -- only 56-bit keys. One can use smaller keys (by making sure only keys to 40 bit, for example, are generated). You cannot use keys larger than 56 bits. But, see below...

RC2 with 128-bit encryption and MD5 message authentication: Because the RC2 cipher has 128-bit encryption, it is the second strongest next to triple DES, with 168-bit encryption. RC2 128-bit encryption permits approximately 3.4 * 10^38 possible keys, making it very difficult to crack.

The larger the key space -- the set of all possible numbers from which to pick a key -- the longer a brute-force attack would take, so the better.

Provided you use, e.g., the Microsoft(r) Strong Cryptographic Provider (MSCP) and Microsoft(r) Enhanced Cryptographic Provider (MECP), what is meant by "two key" vs. "three key" in the following context:

DES -- MSCP: 56 bits; MECP: 56 bits
Triple DES (two key) -- MSCP: 112 bits; MECP: 112 bits
Triple DES (three key) -- MSCP: 168 bits; MECP: 168 bits

And, how is two key vs. three key achieved?

DES uses 56-bit keys. A method called "Triple DES" was developed to extend the life of DES. One, two or three keys are used with Triple DES.

DES is applied three times: Plaintext gets encrypted with key A, then decrypted with key B, then encrypted with key C. If you can only use 56-bit encryption (because of some law, for example) your software would generate one key and use it for key A, B and C. The most common form of 3DES uses two keys -- key A and key C are equivalent. 3DES with three keys uses three 56-bit keys, all different.

So, in order for someone to brute-force 3DES with two keys, they have a 112-bit key space to go through. See INTERNET CRYPTOGRAPHY by Rick Smith and/or APPLIED CRYPTOGRAPHY by Bruce Schneier.

I don't know Microsoft specifics. I expect the user might be able to pick the encryption algorithm used and key size. One can do that with other crypto products (PGP, for example). 128-bit AES, RC4 and IDEA, as well as 112-bit 3DES, are all considered good practice.

Remember Snyder's Razor: In the absence of other factors, always use the most secure options available.

This was last published in June 2002
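
The encrypt-decrypt-encrypt construction and the one-, two- and three-key options described in the answer, as an added example that is not part of the original answer. It assumes a toy 64-bit Feistel cipher as a stand-in for DES (it is not DES and not secure), and the function names and sample keys are constructed for illustration; it shows why a key bundle with a matching adjacent pair, even one that differs only in parity bits, collapses to a single encryption.

```python
import hashlib

def strip_parity(key8: bytes) -> bytes:
    """DES keys are 8 bytes; the low bit of each byte is parity, leaving 56 key bits."""
    return bytes(b & 0xFE for b in key8)

def _feistel(key8: bytes, block: bytes, rounds) -> bytes:
    # Toy 64-bit Feistel cipher standing in for DES (assumption: NOT DES, not secure).
    k = strip_parity(key8)
    left, right = block[:4], block[4:]
    for r in rounds:
        f = hashlib.sha256(k + bytes([r]) + right).digest()[:4]
        left, right = right, bytes(x ^ y for x, y in zip(left, f))
    return right + left  # final swap: decryption is the same loop, rounds reversed

def toy_encrypt(key8: bytes, block: bytes) -> bytes:
    return _feistel(key8, block, range(4))

def toy_decrypt(key8: bytes, block: bytes) -> bytes:
    return _feistel(key8, block, reversed(range(4)))

def ede_encrypt(key_a: bytes, key_b: bytes, key_c: bytes, block: bytes) -> bytes:
    """Encrypt with key A, decrypt with key B, encrypt with key C."""
    return toy_encrypt(key_c, toy_decrypt(key_b, toy_encrypt(key_a, block)))

def classify_3des_bundle(bundle: bytes):
    """Return (keying option, nominal key bits) for a 16- or 24-byte key bundle."""
    if len(bundle) == 16:              # two-key form: key C reuses key A
        bundle += bundle[:8]
    if len(bundle) != 24:
        raise ValueError("3DES key bundle must be 16 or 24 bytes")
    a, b, c = (strip_parity(bundle[i:i + 8]) for i in (0, 8, 16))
    if a == b or b == c:
        # A matching adjacent pair cancels (decrypt undoes encrypt),
        # so only one encryption under the remaining key is left.
        return ("collapses to single encryption", 56)
    if a == c:
        return ("two key (A == C)", 112)
    return ("three key", 168)

# Constructed sample keys, not real key material.
KEY_A = bytes.fromhex("0123456789abcdef")
KEY_B = bytes.fromhex("23456789abcdef01")
KEY_C = bytes.fromhex("456789abcdef0123")

if __name__ == "__main__":
    for bundle in (KEY_A * 3, KEY_A + KEY_B, KEY_A + KEY_B + KEY_C):
        print(len(bundle), classify_3des_bundle(bundle))
```
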
