Overview:
The Triple Data Encryption Algorithm, called 3DES for short, is an encryption algorithm that evolved from previous flavors of the same algorithm (Data Encryption Standard, or DES, which was first published in 1975). Although under certain configurations 3DES can be acceptable, it is being phased out slowly as there are new vulnerabilities that make the protocol significantly weaker. Where possible, newer standards such as AES should be used; there are no reasons to stick to 3DES apart from backward compatibility or legacy support.
Developer's QuickStart
IT Admin's QuickStart
Manager's QuickStartFor more details check the FAQ for this algorithm.
Attacks:
- Meet in the Middle Attack :This particular attack can occur with specific settings in which DES could operate (keying option 1).
- Sweet 32 This is a major attack that renders 3DES weak and compromises the security entirely. But like mentioned before, there are ways to mitigate and still use 3DES. OpenSSL does not include 3DES per default since version 1.1.0 (August 2016), and considers it a "weak cipher". Cisco's advisory on Sweet32:" https://www.synopsys.com/blogs/software-security/sweet32-retire-3des/