-1

My question is: can we extend the key length of Triple DES to 512 instead of 168?

How can I prove that there is no 512-bit Triple DES? And if I want to use a very secure algorithm, what is the maximum key length I can use in Triple DES? How can I justify the key size choice?

I found this link in the Oracle documentation that refers to the key size of Triple DES as a star (*), but I don't know what that means.

http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html

Jon Heller
tgh12
  • Please edit your question and take care of punctuation, because it's hard to understand your problem. – Tarec May 14 '14 at 13:01
  • I guess that would have to be called 9,1428571428571429DES :P. But its use would be as awkward as the name implies. – Maarten Bodewes May 14 '14 at 15:04

2 Answers

3

Triple DES is by definition 168 bits (although dependent on the selected option, the key (excluding parity bits) may actually only be 56 or 112 bits instead of 168 bits). There is no way to extend the key length. If you need a longer key length, then you should use an encryption algorithm that supports that key length.

There is no need to "prove" this as you ask, as it is described in the standard documents.

Also note that by today's standards, DES is considered very weak and Triple DES is considered relatively weak (especially with keying options 2 and 3). I'd suggest you go for a more modern and stronger algorithm like AES.

Mark Rotteveel
  • I guess you would get lower strengths if you use the same key, and higher if you use two key triple DES. Do you have a reference for that 56 bit strength for 3DES? – Maarten Bodewes May 14 '14 at 14:53
  • @owlstead with keying option 3, all keys are the same, so strength is 56 bits (see the Wikipedia article I linked to) – Mark Rotteveel May 14 '14 at 19:12
  • OK, problem is that there are multiple ways to define the number of bits for a key. As the cryptographic *strength* of 3DES is less than the actual key *size*, and is certainly not 112 bits for DES ABA let alone 168 bits for DES ABC (or actually CBA if I remember the spec. correctly). – Maarten Bodewes May 14 '14 at 20:57
  • @owlstead Yes, my use of the word strength was a bit wrong here, I have revised my answer. – Mark Rotteveel May 15 '14 at 07:30
2

No, because triple DES means 3 times DES with 3 different keys, or with 2 keys if one key is reused. So the size in bits is either 128 bits or 192 bits if you count the parity bits as part of the key, 112 or 168 bits if you do not count the parity, and even lower values if you look at the security strength of 3DES.

The key size of 3DES is not its main weakness. The main weakness is the whole construction with weak keys and the 8 byte blocksize. Furthermore, 3DES is much slower than e.g. AES. Just upgrading the key size will only get you much lower performance, without much benefit to security.

The * in the Oracle provider means "any", but that * is only present in the table that displays the key sizes you can use without downloading the unlimited crypto files. The actual key sizes that are supported are listed for the SunJCE provider. That table shows the actual bits in the key used for cryptographic calculations by the way (112 & 168); the encoding will still be 16 or 24 bytes. Note that old(er) Java versions only allow 24 byte keys (which means you have to do some copying of bytes if you have a 16 byte key as input).

Don't use DES, and leave 3DES alone except for backwards compatibility.

Maarten Bodewes
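The key-size points from the answers above, as an added Java example that is not part of either answer: it relies on the documented behaviour that `DESedeKeySpec` uses only the first 24 bytes of the array it is given, so a 512-bit input does not produce a longer key. The class name, the helper methods and the key bytes are constructed for illustration; `keyBits` counts key bits excluding parity, not security strength.

```java
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;

public class TripleDesKeySizes {   // hypothetical class name

    // Two-key 3DES (K1|K2, 16 bytes) in the 24-byte encoding K1|K2|K1.
    static byte[] expandTwoKey(byte[] k16) {
        if (k16.length != 16) throw new IllegalArgumentException("expected 16 bytes");
        byte[] k24 = Arrays.copyOf(k16, 24);   // K1|K2|zeros
        System.arraycopy(k16, 0, k24, 16, 8);  // K3 = K1
        return k24;
    }

    // Compare two 8-byte subkeys, ignoring the parity bit (lowest bit of each byte).
    static boolean sameSubkey(byte[] k, int a, int b) {
        for (int i = 0; i < 8; i++)
            if ((k[a + i] & 0xFE) != (k[b + i] & 0xFE)) return false;
        return true;
    }

    // Key bits excluding parity for a 24-byte encoding used in EDE order K1, K2, K3.
    static int keyBits(byte[] k24) {
        if (k24.length != 24) throw new IllegalArgumentException("expected 24 bytes");
        // Equal neighbouring subkeys cancel (decrypt undoes encrypt), leaving single DES.
        if (sameSubkey(k24, 0, 8) || sameSubkey(k24, 8, 16)) return 56;
        return sameSubkey(k24, 0, 16) ? 112 : 168;
    }

    public static void main(String[] args) throws Exception {
        byte[] k64 = new byte[64];             // constructed 512-bit input, not a real key
        for (int i = 0; i < k64.length; i++) k64[i] = (byte) (i * 2 + 1);

        SecretKeyFactory f = SecretKeyFactory.getInstance("DESede");
        // Only the first 24 bytes are read; the remaining 40 bytes are ignored.
        SecretKey fromLong = f.generateSecret(new DESedeKeySpec(k64));
        SecretKey from24 = f.generateSecret(new DESedeKeySpec(Arrays.copyOf(k64, 24)));

        System.out.println("encoded length: " + fromLong.getEncoded().length);
        System.out.println("same key as first 24 bytes: "
                + Arrays.equals(fromLong.getEncoded(), from24.getEncoded()));
        System.out.println("three-key bits: " + keyBits(Arrays.copyOf(k64, 24)));
        System.out.println("two-key bits: " + keyBits(expandTwoKey(Arrays.copyOf(k64, 16))));
        System.out.println("all-equal subkeys bits: " + keyBits(new byte[24]));
    }
}
```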