3DES

Content
This is the NOT the recommended standard.
There are serious security implications if not configured properly!
3 DES is now officially retired!

Last Updated Thu, 12 Dev 2018 12:00:01 -0400

3DES is an encryption algorithm that evolved from previous flavors of the same algorithm (DES which was first published in 1975). 3DES is being phased out slowly as there are new vulnerabilities that make the protocol significantly weaker. Although 3DES might be widely deployed still, it is because there are certain settings which when applied along with DES can provide good security. But considering the fact that there are newer protocols such as AES, there are no reasons to stick to 3DES apart from backward compatibility or legacy support.






Developer's QuickStart

Are you a developer? Get started with crucial implementation details above.




IT Admin's QuickStart

Are you an IT administrator? Get started with best practice setup details above.




Manager's QuickStart

Are you a Manager? Get started with best practice setup details above.

Attacks:
Meet in the Middle Attack :This particular attack can occur with specific settings in which DES could operate (keying option 1).
Sweet 32 This is a major attack that renders 3DES weak and compromises the security entirely. But like mentioned before, there are ways to mitigate and still use 3DES. OpenSSL does not include 3DES per default since version 1.1.0 (August 2016), and considers it a "weak cipher". Cisco's advisory on Sweet32:" https://tools.cisco.com/security/center/viewAlert.x?alertId=48625