Security of 3DES

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 3 22:47:47 CEST 2013


On 9/3/2013 12:49 PM, Peter Lebbing wrote:
> 3DES is safe. It's incredibly safe! How is it no match for modern CPU
> power? There are no practical attacks on 3DES. What are you trying to
> say?

I have said this many times in the past; apparently I need to say it again.

"3DES has been turning brilliant cryptanalysts into burned-out alcoholic
wrecks for over thirty years."

Nothing in the OpenPGP suite comes anywhere near to the safety provided
by 3DES.  Nothing even comes *close*.  Assuming your adversary has
access to more computing power than exists in the entire world, 3DES
offers "only" 112 bits of security; for realistic assumptions about
computing power, 3DES offers the full 168 bits.

3DES is ugly, awkward, ungainly, slow, and it has all the aesthetic
appeal of the Socialist Realism school of art.  It is *awful*.  And yet,
it keeps on going, completely impervious to the last three decades of
cryptanalysis.

It reminds me quite a lot of the coelacanth -- a fish that was found in
the fossil record 400 million years ago, and still can be found swimming
in the oceans today.  If you look at a coelacanth it just looks
primitive, unevolved, and strangely frightening.  It has survived the
last 400 million years of Nature's attempts at killing it.  It commands
respect and admiration, even while at the same time giving vague
feelings of revulsion.

3DES is our coelacanth.

http://outlookcolumbus.com/wp-content/uploads/2013/02/coelacanth1.jpg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20130903/8cb5c41e/attachment-0001.bin>


More information about the Gnupg-users mailing list