Is the 3DES encryption algorithm the best choice for S/MIME protocol?

The triple DES encryption algorithm was originally designed for the S/MIME protocol, but is it still the best choice for encryption? In this expert response, Randall Gamby describes the advantages and disadvantages to using 3DES.

Randall Gamby, HP

How can 3DES symmetric encryption be implemented in the S/MIME protocol?

Actually, the 3DES encryption algorithm was part of the original S/MIME protocol. However, 3DES -- also known as Triple DES, or the Triple Data Encryption Standard -- is based on the DES algorithm developed by an IBM team in 1974. Triple DES was originally designed to run in specialized hardware, so it's considered computationally expensive on general-purpose processors.

Because of the limitations of the key lengths used in 3DES and its poor execution on general-purpose computers, S/MIME eventually adopted AES as the standard for its encryption. AES, also known as Rijndael and FIPS-197, is a symmetric block cipher that can accept variable block and key lengths up to 256-bits and isn't restricted to the less secure 64-bit key lengths of 3DES. Plus, it would probably run a bit better on your server than 3DES. Because of this, it's hard to recommend using 3DES (even though it should be technically possible) because ultimately you'll be taking a giant step backward. But assuming you have a requirement due to a legacy system, I'd recommend doing some research on the Internet to find an old copy of the S/MIME protocol standard for guidance on how to integrate a 3DES encryption key into it.

This was last published in April 2010

Is the 3DES encryption algorithm the best choice for S/MIME protocol?

The triple DES encryption algorithm was originally designed for the S/MIME protocol, but is it still the best choice for encryption? In this expert response, Randall Gamby describes the advantages and disadvantages to using 3DES.

Dig Deeper on Disk and file encryption tools

Löschpflichten: Das Recht auf Vergessenwerden hat Grenzen

AWS persiste : le CLOUD Act ne serait pas (vraiment) un problème

L’Anssi se fait conseiller en sécurité d’Active Directory

The difference between AES and DES encryption

Related Q&A from Randall Gamby

Manage unsuccessful login attempts with account lockout policy

For minimum password length, are 14-character passwords sufficient?

How has enterprise SSO technology evolved?

SearchCloudSecurity

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

The 8 best cloud security certifications for IT pros in 2021

SearchNetworking

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

Get started with network penetration testing for beginners

SearchCIO

Texas power outage flags need to revisit business continuity

4 ways to measure digital experience to drive tech optimization

Calculating cloud migration costs: What CIOs need to consider

SearchEnterpriseDesktop

Microsoft to add a text prediction feature to Word

Microsoft announces Office 2021, Office LTSC

Microsoft crowdsources notifications for Edge

SearchCloudComputing

How to create snapshots for Azure VMs and managed disks

HPE acquires CloudPhysics, targets cloud migration projects

Compare Azure DevOps vs. GitHub for CI/CD pipelines

ComputerWeekly.com

On digital identity, the government gets it wrong again

Cyber extortionist threatened to bomb NHS targets

DCMS gives tablet devices to people with learning disabilities