Security-TDES ALGORITHM

Security

In general, Triple DES with three independent keys (keying option 1) has a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits. Keying option 2 reduces the key size to 112 bits. However, this option is susceptible to certain chosen-plaintext or known-plaintext attacks,[11][12] and thus, it is designated by NIST to have only 80 bits of security.[5]

The best attack known on keying option 1 requires around 232 known plaintexts, 2113 steps, 290 single DES encryptions, and 288 memory[13] (the paper presents other tradeoffs between time and memory). This is not currently practical and NIST considers keying option 1 to be appropriate through 2030.[5] If the attacker seeks to discover any one of many cryptographic keys, there is a memory-efficient attack which will discover one of 228 keys, given a handful of chosen plaintexts per key and around 284 encryption operations.[14]