3DES Encryption Algorithm - IPsec VPN Tutorial Guide

3DES (Triple DES or Three DES)

 

3DES is simply the DES symmetric encryption algorithm, used three times on the same data. Data is encrypted, and then the same data is run through the DES encryption algorithm two more times, which is where the name Triple DES comes from. Of course, this makes the encryption stronger and more difficult to break.

3DES or Triple DES, however, was later replaced by AES, which proves to be the strongest encryption algorithm.

3DES is a block cipher which uses 48 rounds in its computation (transpositions and substitutions), and has a key length of 168 bits.

 

The 3DES process works as follows:

1) Data is encrypted using a 56-bit key

2) Data is decrypted using a different key

3) Data is encrypted using a completely new key

When the 3DES process is complete, data is sent to its final destination.

 

However, 3DES works in a number of other modes as well. As shown above, data is encrypted, decrypted and finally encrypted again using 3 different keys. This is known as DES-EDE3.

 

There are also the following modes as described below:

- DES-EDE3 – Encrypt, Decrypt and Encrypt with 3 unique keys as mentioned above.

- DES-EEE3 – A block of data is encrypted, and encrypted again with a different key and finally encrypted once more with another key, using a total of 3 unique keys.

- DES-EDE2 – Here we only use two keys; the first and last encryptions are done using exactly the same key.

- DES-EEE2 – Finally, this also uses two keys; the first and last encryptions are done using the same key.
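The three steps and the DES-EDE3 and DES-EDE2 modes above, as an added example in Go (not code from the original page): it builds EDE from single-DES operations using the standard library's `crypto/des`, compares the result with the library's own Triple DES, and shows that repeating one key for all three steps reduces EDE to single DES. The sample keys and data block are constructed, and the helper names `must`, `des1`, `ede` and `stdlib3DES` are chosen for this example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// Constructed sample keys and one data block (8 bytes each), not taken from the page.
var sampleK1, sampleK2, sampleK3 = []byte("key-one!"), []byte("key-two!"), []byte("key-3rd!")
var samplePT = []byte("8bytemsg")

// must unwraps a cipher constructor result; it panics only on a wrong key length.
func must(c cipher.Block, err error) cipher.Block {
	if err != nil {
		panic(err)
	}
	return c
}

// des1 runs single DES on one 8-byte block: encrypt if enc is true, else decrypt.
func des1(key, block []byte, enc bool) []byte {
	out := make([]byte, des.BlockSize)
	if enc {
		must(des.NewCipher(key)).Encrypt(out, block)
	} else {
		must(des.NewCipher(key)).Decrypt(out, block)
	}
	return out
}

// ede is the three-step process: encrypt with k1, decrypt with k2, encrypt with k3.
func ede(k1, k2, k3, block []byte) []byte {
	return des1(k3, des1(k2, des1(k1, block, true), false), true)
}

// stdlib3DES encrypts one block with Go's Triple DES, keyed with k1 || k2 || k3.
func stdlib3DES(k1, k2, k3, block []byte) []byte {
	out := make([]byte, des.BlockSize)
	must(des.NewTripleDESCipher(bytes.Join([][]byte{k1, k2, k3}, nil))).Encrypt(out, block)
	return out
}

func main() {
	fmt.Printf("EDE3 %x, stdlib 3DES %x\n", ede(sampleK1, sampleK2, sampleK3, samplePT), stdlib3DES(sampleK1, sampleK2, sampleK3, samplePT))
	fmt.Printf("EDE2 (k3 = k1) %x\n", ede(sampleK1, sampleK2, sampleK1, samplePT))
	fmt.Printf("one key repeated %x, single DES %x\n", ede(sampleK1, sampleK1, sampleK1, samplePT), des1(sampleK1, samplePT, true))
}
```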

 

If you’re wondering what happened to Double-DES, it was also developed and tested, but was later found to have weaknesses and to be no stronger than DES, and so was considered obsolete.

As well as DES and 3DES, some other common symmetric encryption algorithms are AES, Blowfish, Twofish, IDEA, CAST, SAFER, Skipjack and RC.
