Early unclassified symmetric-key block cipher

Binary Computer Code, Binary Code, Internet, Technology, Password, Data
The Data Encryption Standard (DES /ˌdiːˌiːˈɛs, dɛz/) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, … Wikipedia

Factsheet

General
Designers IBM
First published 1975 (Federal Register) (standardized in January 1977)
Factsheet
General
Designers IBM
First published 1975 (Federal Register) (standardized in January 1977)
🌐
Wikipedia
en.wikipedia.org › wiki › Data_Encryption_Standard
Data Encryption Standard - Wikipedia
2 weeks ago - We actually put a number on each ... they were considered U.S. government classified. They said do it. So I did it". Bruce Schneier observed that "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."...
🌐
Encryptionconsulting
encryptionconsulting.com › why-3des-or-triple-des-is-officially-being-retired
Why 3DES Or Triple DES Is Officially Being Retired?
May 8, 2024 - The Data Encryption Standard, also known as DES, is no longer considered secure. While there are no known severe weaknesses in its internals, it is inherently flawed because its 56-bit key is too short.
Discussions

tls - Is Triple DES still considered safe to use? - Cryptography Stack Exchange

🌐 crypto.stackexchange.com
September 20, 2017
However, Triple DES has a really ... the security of the system thanks to "block collision". This attack led to the removal of Triple DES from the DEFAULT cipher list in the 1.1.0 release of OpenSSL. The attack can also be mitigated by rekeying after a given amount of encrypted data. As a consequence of that, Triple DES was still in the TLS1.2 standard, but has not made it into the TLS1.3 one. So in the end, Triple DES is still considered secure if ... More on crypto.stackexchange.com

Is DES encryption secure?

🌐 quora.com
3
February 2, 2020
Short version: Uhh, not ‘99; way before. I was present at DES’ official death in 1993, but earlier, in the late ‘80s, I’d heard of an even-earlier succesful crack against DES. I’ve long had an affection for DES. I started learning crypto back when DES was the state of the art, so I’ve worked a bit with it. I studied DES’ S-boxes quite closely, and I once had to fix a bug in the DES library call for the DEC version of 4.3 BSD UNIX. BTW, when you look closely at DES’ design, a surprising bit of elegance appears. It turns out that the cipher’s mysterious & clunky pre- & post-processing steps cancel each other out, so that when we compose DES with itself, as in 3-DES, the composed clunky steps in the middle just disappear, leaving an uninterrupted 48-round Feistel network, with a very tidy key-schedule. Presumably, this served to allow DES’ formal cryptanalysis to extend naturally to 3DES. I have two stories about breaking DES: I was present on the night DES died, at the Crypto ’93 conference in Santa Barbara. On Wednesday night of that week, I went to the Rump Session, where Weiner presented his hardware design for a cheap-enough, fast-enough exhaustive search engine, for finding DES keys. The rump session was for authors whose papers had almost been accepted for the conference. They each had just 10 minutes in which to present. The annual Crypto ‘XX conference is really a math conference, so we expected everyone in the room, presenters and audience, to be a mathematician, but Weiner didn’t get that memo. Maybe twenty or thirty of us were crammed into a tiny, dimly-lit lecture room, sitting on random chairs, both hard and soft, plus a small sofa. There was a beer keg, and we drank our beer from small, flimsy, clear-plastic water cups. When Weiner stood up and put his first slide on the overhead projector, he said at the outset that he was a hardware engineer. So, expecting uninformed foolshness, I and some others turned to look back to the door, thinking to leave and freshen up our beers. But, the back of the room was crowded, standing room only, and I didn’t want to lose my seat, so I decided to grit my teeth for the 10 minutes and stay. The other doubters stayed, too. Weiner was a young guy like me, maybe in his early thirties. IIRC, he had short, dark, curly hair, and was clean-shaven. He spoke very quickly about a custom, high-speed DES chip, how much it would cost in bulk, how many of them he could fit on an 18″ circuit board, and how many such boards would fit in a standard 6-foot rack. Ho-hum, where’s my beer? He showed us circuit diagrams, chip layouts on the boards, and how tightly the boards could fit in the rack. He talked about the power supply, and about how many fans would be needed to dump the chips’ heat. His slides had very little math or crypto notation. But then, finally, he put up a slide with some math, showing his statistical calculation of the box’ reliability. He took into account the mean time between failure (MTBF) for the custom LSI chips, the support components, the power supply. The math was easy to follow, and with that he suddenly had us, with his thoroughness; our skepticism and apathy fell away. The cost of the box was to be $1M, and the key-extraction time was to be just a few hours. In that hot, crowded liitle room, full of sweaty cryptographers and beer cups, the atmosphere suddenly became electric. With the MTBF calculation, we all knew Weiner was right, DES was dead, and that we had witnessed its death. Over 20 years, DES had withstood fifty man-years of professional cryptanalytic effort, more than any other cipher. But we were there to see DES fall. I left the rump session that night exhilarated, dazed, and sad. I understood DES’ internals pretty well, and I had come to like it, despite its odd quirks. I still like it now, but 3DES is just too slow for modern use, and it’s fatally vulnerable to memory-timing attacks. But DES was the first cipher I learned well. Second DES story, as promised: A few years earlier, in the late ‘80s when I was working at MIT on my upgrades to the Kerberos protocol, my officemate Bob was an IBM engineer, on loan to us because IBM was one of the two corporate sponsors for our campus-networking project. Bob was about 10 years older than me. Bob and I looked completely different: he was 6′4″ (190 cm), lanky, and impossibly handsome, with a big, square jaw, ruddy face, and an unruly thatch of thick, coarse brown hair. He always wore a jacket and tie, chinos, and well-polished loafers. I’ve never once seen Bob in blue jeans, never mind a T-shirt. He always looked as if he had just stepped out of a Ralph Lauren clothing ad. By contrast, I was a hippie biker: tall and thin like Bob, but with a waist-length ponytail, a chest-length beard, and a jeweled gold tooth in the front of my mouth, from a misconceived street fight in the ghetto, ten years before. I only ever wore jeans and a T-shirt to work, with motorcycle boots on my feet and my scraped and battered bike jacket on my back. But Bob and I got along well, because in college he had been a hippie like me, he rode a bike, and like me, he still swore like a sailor. Finally, he loved Hunter S. Thompson just as much as I did. When I named one of my research machines “drgonzo.athena.mit.edu”, Bob understood why and heartily approved. So one day, Bob and I were drinking coffee and chatting at our desks in Building E-40. This being 1988 or 1989, DES was still sound, trusted, and in good standing as the symmetric-key cipher du jour. In fact, at that time DES was pretty much the only widely-used cipher for civilian work. We all were working on the Arpanet, which still was closed to everyone except researchers, and the Web hadn’t yet brought RSA into prominence. I was describing something of my kerberos work to Bob, and somehow, DES came up. He said to me, “Lemme tell you a story about DES. I’m not sure i’m allowed to tell you this...” Bob leaned back in his desk chair, and through the window behind him, I could see down to the street level outside, where some students were walking in the summer sunshine along Wadsworth St. into Kendall Square. He continued, with his big hands clasped behind his head. “A few years ago, after DES was developed at one of our research labs, some IBM researchers were experimenting one day with a newer cipher, bouncing encrypted packets off of an IBM network satellite, up in a geostationary orbit. “After a couple days of this, they got a telephone call from the NSA. The NSA guy said, ‘We picked up some traffic from your satellite. You’re not using DES. Stop it.’ ” Bob grinned widely, leaned back a bit farther in his chair, and waggled his shaggy eyebrows at me. “So maybe this kerberos stuff isn’t so airtight after all.” Bob was fun to drink with, too. 1199 words. My longer posts are here [ https://dondavislong.quora.com/ ]. More on quora.com

Is DES or 3DES still being used today? - Stack Overflow

🌐 stackoverflow.com
November 17, 2011
I'm voting to close this question as off-topic because it is not about programming. It might be more appropriate on Information Security. ... Triple-DES is still in use today but is widely considered a legacy encryption algorithm. More on stackoverflow.com

Is DES secure under CBC? - Cryptography Stack Exchange

🌐 crypto.stackexchange.com
October 1, 2018
I know DES is outdated, but will is is secure in CBC mode? Can anyone help me understand why not? More on crypto.stackexchange.com
🌐
TechTarget
techtarget.com › searchsecurity › definition › Data-Encryption-Standard
What is Data Encryption Standard (DES)? By
February 24, 2021 - Data Encryption Standard (DES) is an obsolete encryption algorithm. Find out how it worked, why it's no longer safe and where it's still being used.
🌐
Freeswan
freeswan.org › freeswan_trees › freeswan-1.5 › doc › DES.html
DES is Not Secure
DES, the Data Encryption Standard, can no longer be considered secure. While no major flaws in its innards are known, it is fundamentally inadequate because its 56-bit key is too short. It is vulnerable to brute-force search of the whole key space, either by large collections of general-purpose ...
🌐
Stack Exchange
crypto.stackexchange.com › questions › 51629 › is-triple-des-still-considered-safe-to-use
tls - Is Triple DES still considered safe to use? - Cryptography ...

Well, yes and no.

Triple DES using 3 different keys is still considered secure because there are no known attack which completely break its security to a point where it is feasible nowadays to crack it.

The Triple DES algorithm provides around 112 bits of security against bruteforce attacks (when taking into account the meet-in-the-middle attack).

For reference, the insane computation power used to find the first SHA1 collision is estimated at a bit more than operations. So we still have a security margin of , which is plenty, but still far less than other standards such as AES.

Triple DES with 3 different keys is still recommended by NIST as per their latest recommendation in NIST SP 800-57.

Triple DES is also the de facto fall-back algorithm for PGP: that is the algorithm all OpenPGP compliant software must implement and use if no other commonly supported algorithm is advertised in the public key of the recipient.

However, Triple DES has a really "small" blocksize with only 64 bits, which led to attack such as Sweet32 against TLS session which allows to break the security of the system thanks to "block collision". This attack led to the removal of Triple DES from the DEFAULT cipher list in the 1.1.0 release of OpenSSL. The attack can also be mitigated by rekeying after a given amount of encrypted data.

As a consequence of that, Triple DES was still in the TLS1.2 standard, but has not made it into the TLS1.3 one.

So in the end, Triple DES is still considered secure if you just want to encrypt something with it, but if you are running a protocol based on it, then you should be worrying about its small blocksize leading to the Sweet32 attack.

Answer from Lery on crypto.stackexchange.com
🌐
Precisely
precisely.com › home › aes vs des encryption: why advanced encryption standard (aes) has replaced des, 3des and tdea
AES vs DES Encryption: Why AES has replaced DES, 3DES and TDEA
November 14, 2022 - Blog > Data Security > AES vs DES Encryption: Why Advanced Encryption Standard (AES) has replaced DES, 3DES and TDEA ... Every so often, we encounter someone still using antiquated DES for encryption. If your organization hasn’t switched to the Advanced Encryption Standard (AES), it’s time for an upgrade. To better understand why: let’s compare AES vs DES encryption: DES is ...
🌐
Simplilearn
simplilearn.com › home › resources › cyber security › how the des algorithm works: basics of data encryption
DES (Data Encryption Standard): DES Algorithm and Operation
DES algorithm is a block cipher that transforms 64-bit plaintext into ciphertext through complex operations, ensuring data security with a fixed block size.
Published: 2 weeks ago
Address: 5851 Legacy Circle, 6th Floor, Plano, TX 75024 United States
🌐
Quora
quora.com › Is-DES-encryption-secure
Is DES encryption secure? - Quora

Data Encryption Standard [ https://en.wikipedia.org/wiki/Data_Encryption_Standard ], or DES, is a block cipher [ https://en.wikipedia.org/wiki/Block_cipher ] where a string of bits are transformed into an encrypted string of bits of equal length using a key of a specific size. It is a symmetric-key [ https://en.wikipedia.org/wiki/Symmetric-key_algorithm ] cipher, so anyone with the key can decrypt the text. Hardware as well as software was created to support DES, but as computing machines got more powerful, DES encryption fell to brute force attacks on the key space. Rather than make an all new encryption standard (which eventually happened in 2001 with the Advanced Encryption Standard [ https://en.wikipedia.org/wiki/Advanced_Encryption_Standard ]) or trying to build hardware with a larger key size, the core DES hardware and algorithms took advantage of the specified but underutilized Triple DES [ https://en.wikipedia.org/wiki/Triple_DES ] or 3DES standard, which used the same DES algorithm but ran it on data blocks three times with three different keys, running an encrypt with key 1, a decrypt with key 2 and another encrypt with key 3. Functionally, there three keys were implemented as a single key 3 times as long as the regular DES key. By implementing the enciphering as an encrypt-decrypt-encrypt cycle with three different keys, this same hardware could also be backward compatible with DES when all 3 keys were set to the same key. The longer key and multiple encryption steps made the resulting ciphertext much harder to crack with brute force methods. See more at Triple DES [ https://www.tutorialspoint.com/cryptography/triple_des.htm ].

Answer from Phillip Remaker on quora.com
🌐
Stack Overflow
stackoverflow.com › questions › 1619212 › is-des-or-3des-still-being-used-today
Is DES or 3DES still being used today? - Stack Overflow

Triple-DES is still in use today but is widely considered a legacy encryption algorithm. DES is inherently insecure, while Triple-DES has much better security characteristics but is still considered problematic.

NIST is the government organization that standardizes on cryptographic algorithms. The most current symmetric-key encryption algorithm NIST standard is AES, the Advanced Encryption Standard. In fact, there were a number of good nominations to be NIST's AES, including the Rijndael algorithm which became AES, as well as Bruce Schneier's Blowfish, the Twofish algorithm, and the Serpent algorithm.

Answer from yfeldblum on stackoverflow.com
🌐
Quora
quora.com › Is-Des-obsolete
Is Des obsolete? - Quora
April 20, 2020 - Answer: Theoretical attacks have been found in DES going as far back as 1992. In July 1998 DES was cracked in 56 hours and less than 6 months later a demonstrated attack cracked the key in under 24 hours using distributed computing. As of 2016, a single off the shelf Nvidia GeForce GTX 1080 Ti ca...
🌐
Quora
quora.com › The-DES-encryption-was-broken-in-1999-Why-and-how-did-it-happen
The DES encryption was broken in 1999. Why and how did it happen?
November 10, 2018 - Answer (1 of 6): Short version: Uhh, not ‘99; way before. I was present at DES’ official death in 1993, but earlier, in the late ‘80s, I’d heard of an even-earlier succesful crack against DES. I’ve long had an affection for DES. I started learning crypto back when DES was the state ...
🌐
Datadoghq
docs.datadoghq.com › code_analysis › static_analysis_rules › go-security › import-des
DES and Triple DES are now insecure
To ensure secure and reliable cryptographic operations, it is best to migrate away from the crypto/des package and adopt stronger algorithms like AES. The crypto/aes package provides the necessary functionality and security for symmetric encryption operations in Go, offering a safer alternative to DES. It’s important to regularly review and update cryptographic choices, considering ...
🌐
Businesstechweekly
businesstechweekly.com › home › cyber security › data security › understanding the data encryption standard (des)
Understanding the Data Encryption Standard (DES) - Businesstec...
May 11, 2023 - Despite being widely used for many ... led to vulnerabilities being discovered in DES, making it no longer considered secure by modern standards. Having gained an understanding of how DES works, it is important to examine its strengths and weaknesses....
🌐
Ituonline
ituonline.com › itu online › tech terms definitions › what is data encryption standard (des)?
What Is Data Encryption Standard (DES)? - ITU Online IT Training
June 26, 2024 - Government Communications: Securing sensitive government data and communications. Commercial Applications: Ensuring data integrity and confidentiality in various commercial software and hardware systems. While DES was groundbreaking in its time, it has significant limitations that led to its eventual replacement: Key Length: The 56-bit key length is now considered ...
🌐
Stack Exchange
crypto.stackexchange.com › questions › 62771 › is-des-secure-under-cbc
Is DES secure under CBC? - Cryptography Stack Exchange

No, it will be insecure. There are two reasons;

  1. Due to the smaller key size 56-bit; DES was tested for brute-force attack since published.
    1. DES_CHALL, 96 days to find the CES challenge key in 1997.

    2. EFF DES cracker 56 hours to find the CDES challenge key in 1997.

    3. COPACOBANA, an FPGA hardware built for attacking by brute-force for DES, can successfully find the key on average 6.4 days in 2006. 4 . Hashcat; running with two p3.16xlarge instances on AWS, one probably will find the key on average in about 0.9 days. Because that's 46G tries/second per GPU and 16 GPUs.

    4. crack.sh can search the key in ~26 hours with a single machine.

    5. crack.sh also produce a chosen-plaintext attack utilizing a rainbow table to recover DES key in 25 seconds in 2017.

      There is a nice secret message in the DES Challange II-2 about this;

$$\text{The secret message is: It's time for those 128-, 192-, and 256-bit keys.}$$

  1. Due to the Small 64-bit block size; DES is not secure under any modes of operation. If the attacker collects blocks encrypted under the same key in total the square root of the possible blocks, there is a %50 chance that the block will be the same. This will leak information even CBC and OFB. For a 64-bit block cipher as DES, $\sqrt{2^{64}} = 2^{32} \times 8 \text{ B} = 32 \text{ GiB}$ space will be enough.

    In our community, there are two nice questions more about the block size;

    1. How does blocksize affect security?
    2. Is a small size block cipher usable?

and a website Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.

Answer from kelalaka on crypto.stackexchange.com
🌐
Tutorialspoint
tutorialspoint.com › what-are-the-factors-which-affects-the-security-of-des
What are the factors which affects the security of DES?
March 14, 2022 - What are the factors which affects the security of DES - DES is a strong encryption standard that works on a 64-bits plaintext block and restore a 64-bits ciphertext. Therefore, DES results in a permutation between the 264 possible arrangements of 64 bits, each of which can be either 0 or 1.DES ...
🌐
Umsl
umsl.edu › ~siegelj › information_theory › projects › des.netau.net › des history.html
HISTORY OF DES
This is contrasted to a stream ... a byte) is encrypted. DES was the result of a research project set up by International Business Machines (IBM) corporation in the late 1960s which resulted in a cipher known as LUCIFER. In the early 1970s it was decided to commercialise LUCIFER and a number of significant changes were introduced. IBM was not the only one involved in these changes as they sought technical advice from the National Security Agency (NSA) ...
🌐
IBM
ibm.com › docs › en › zos › 2.4.0
What is DES and AES?
We cannot provide a description for this page right now
🌐
SDxCentral
sdxcentral.com › security › cybersecurity explainers › what is encryption? definition › what is a virtual private network (vpn)? › what is the data encryption standard (des)?
What is the Data Encryption Standard (DES)? - SDxCentral
November 8, 2022 - The Data Encryption Standard (DES) is a standard that uses a symmetric key method to encrypt and decrypt data. Both parties must have the same private key.
🌐
Comparitech
comparitech.com › home › blog › information security › what is 3des encryption?
What is 3DES encryption and how does DES work? | Comparitech
August 31, 2023 - While keying option one is still considered secure for many applications, there aren’t many good reasons for why it should be used instead of an alternative like AES. Although 3DES holds an important place in cryptography as the follow-up to DES, its glory years are over and it’s time to ...