 |
 |
|
|
Due to the fact that Triple DES 168-bit encryption/decryption performance is so slow, even though it may seem safer than DES 56-bit, there is a trade-off for performance over security amongst vendors. As many Triple DES implementations today are software based, TDES-EDE and 3DES-EDE are faster than Triple DES 168-bit, but they have a very short track record and as such, haven't yet had the time to prove their safety and stability (logically they seem to be solid, but there is no/very little real proven evidence to back that logic up yet); and attaining that proof requires time!!! So we must ask ourselves, "Do we want to be the guinea-pigs of a new technology during that time-period or not?"
Both TDES-EDE and 3DES-EDE, are faster than Triple DES (168-bit), but they are still too slow to perform bulk data encryption.
Triple DES is approximately 2.5 times slower than "single" DES (rather than 3 times), because inner permutations may be removed.
TDES-EDE3 software has been fine tuned to achieve 6.22 Mbps with a 133 MHz Pentium.
An attack has been shown on TDES-EDE2 (using only two independent keys) that is somewhat (sixteen times) faster than exhaustive search. Again, DES-EDE3 with three independent keys is actually needed to provide the expected level of security.
Although it is widely believed that DES-EDE3 is substantially stronger than single DES alone, as it is less amenable to brute force attack, it should be noted that real cryptanalysis of DES-EDE3 might not use brute force methods at all. Instead, it might be performed using variants on differential or linear cryptanalysis. It should also be noted that no encryption algorithm is permanently safe from brute force attack, because of the increasing speed of modern computers.
As with all cryptosystems, those responsible for applications with substantial risk when security is breeched should pay close attention to developments in cryptology, and especially cryptanalysis, and switch to other transforms should DES-EDE3 prove weak.
Thus the tradeoff comes as follows:
As for many of today's industries that want to jump on the new and upcoming IPSec (state-of-the-art) bandwagon; they tend to lean towards the faster (better performance) and supposedly compatible/interoperable (albiet not yet fully proven either) solution using Triple DES 168-bit, TDES-EDE and 3DES for Hashing and Digital Signatures and just plain DES 56-bit bulk data encryption over the supposedly more secure, slower performance Triple DES 168-bit bulk encryption method.
DO YOU find the above full of TOO MANY "If's", "supposedly's", "not yet's", "have yet's", "perhaps'", etc?
I DO!!! and as such, I tend to prefer DES-CBC (with IV) coupled with "Strong Key Management" and "Strong Authentication" for the time being; until such time that the newer up-and-coming technologies attain a PROVEN SAFE TRACK RECORD!!!
Hackers may be able to decrypt and read the contents of several packets, but with strong user authentication and packet authentication (including anti-replay), even though they might be able to decrypt the packet, they cannot modify the content or spoof the user nor packet authentication (if it's strong!!!)
Thus strong encryption alone will not do the trick, you need strong user authentication, strong packet authentication and strong Key Management to have a totally secure system. Strong IPSec Strength Encryption with various weak authentication methods (pre-shared keys or reputable CA certificates) along with weak Key Management (allowing PC to use their internal random generators to create keys which are stored on weak security Operating System hard disks) is not what I would call a strong security system.