3DES deprecated by NIST

Robert J. Hansen rjh at sixdemonbag.org
Mon Jul 31 18:52:58 CEST 2017

For many years I've been saying that 3DES is a much stronger algorithm
than its detractors think, subject to some massive concerns about its
64-bit block size and the near-certainty of a block repeating after
about 32Gb of traffic (2**32 blocks, 8 bytes per block).  This isn't to
say I've been advocating 3DES: we certainly should be moving to AES, but
the fearmongering over 3DES has been -- IMO -- counterproductive.

Well, NIST has recently lowered its estimate of 3DES's safety.  Their
guidance now says a single 3DES key shouldn't be used for more than 8Mb
of traffic.  If previously we were moving to AES and away from 3DES
because the fire alarm went off, this would be the smell of smoke in the

If you're still using 3DES, please migrate to AES immediately.  Until
you do, make sure to follow NIST's guidance.


More information about the Gnupg-users mailing list