DES and 3DES

DES was for many years one of the most widely used encryption methods. DES turns clear-text data into cipher text with a symmetric encryption algorithm; the receiving station uses the same key to turn the cipher text back into clear text. In the router-to-router deployments described here, the configured shared secret is not used directly as the cipher key: it feeds the key exchange that derives a session key, and that session key is what actually encrypts and decrypts the traffic.

Figure 4-5 demonstrates DES encryption.

Figure 4-5 DES Encryption Methodologies

[Figure: clear-text data leaves the PC; at the router the "data is encrypted using mathematical formulae to scramble data with the shared private key"; it crosses the network as encrypted data; at the far end the clear-text data is received.]

Figure 4-5 shows the PC generating clear text. The data is sent to the Cisco IOS router, which encrypts it with the session key derived from the shared secret and forwards it across the IP network in unreadable form; the receiving router decrypts the message and forwards it in clear-text form to the destination host. Note that the data is protected only between the two routers, not on the LAN segments on either side of them.

DES is a block cipher, which means that it operates on fixed-length blocks rather than on a continuous stream of bits: DES encrypts 64-bit blocks under a 56-bit key. (The key is written as 64 bits, but 8 of those are parity bits and add no strength.) Because a block cipher by itself only maps one 64-bit block to another, real traffic is processed under a mode of operation such as CBC; encrypting each block independently (ECB mode) reveals whether two plaintext blocks are identical.

DES is a published, U.S. government-standardized encryption method (FIPS 46); however, it is no longer a U.S. government-approved encryption algorithm. NIST withdrew the standard in 2005 because a 56-bit key can be found by exhaustive search.

3DES runs the DES algorithm three times in sequence on each block (encrypt, decrypt, encrypt, commonly abbreviated EDE; there are also variations that use only two distinct keys). In the three-key form, three independent 56-bit keys are used, for a total of 168 key bits.

3DES is an improved encryption algorithm standard and is summarized as follows:

1. The sending device encrypts the data with the first 56-bit key (K1).

2. The sending device decrypts the result with the second key (K2), also 56 bits in length.

3. The sending device encrypts for a final time with the third 56-bit key (K3).

4. The receiving device undoes the steps in reverse order, first decrypting the data with the third key (K3).

5. The receiving device then encrypts the data with the second key (K2).

6. Finally, the receiving device decrypts the data with the first key (K1), recovering the clear text.

The middle step is a decryption rather than a second encryption so that 3DES with K1 = K2 = K3 collapses to single DES, which lets 3DES equipment interoperate with older DES-only peers.

DES keys have been recoverable by brute force since the late 1990s: the 1999 DES Challenge III key fell in about 22 hours, but to a purpose-built cracking machine working together with a network of tens of thousands of PCs, not to a single Pentium III workstation, which would have needed years. For 3DES, the 168 key bits give an effective strength of about 112 bits, because a meet-in-the-middle attack trades memory for time against any multiple encryption; that is still far beyond exhaustive search, and figures such as "10 billion years with a million PCs" are illustrative rather than precise. Two practical caveats remain: 3DES keeps DES's 64-bit block size, which limits how much data can safely be encrypted under one key (birthday-bound attacks such as Sweet32), and NIST disallowed 3DES for new applications after 2023. Encryption ensures that information theft is difficult; it does not make it impossible.
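As an added example (not code from the original page), the following Python shows the sender and receiver key order of the E-D-E procedure listed above, why three equal keys collapse to single DES, and the meet-in-the-middle attack that reduces the effective strength of multiple encryption. A real DES implementation is long, so a toy 64-bit Feistel cipher with a 56-bit key, built on SHA-256, stands in for it; the toy cipher, its key schedule, and the sample key and plaintext values are all constructed here and are not DES. The attack is run with the key space shrunk to 8 bits so that it finishes instantly.

```python
# Added example: 3DES E-D-E keying and the meet-in-the-middle attack, shown
# with a TOY 64-bit Feistel cipher that stands in for DES. The round function
# and key schedule are hash based and are not DES; only the triple-encryption
# wrapper and the attack structure are the point.
import hashlib
from typing import Dict, List, Tuple

ROUNDS = 16
KEY_BITS = 56        # DES's effective key length
BLOCK_BITS = 64      # DES's block length
MASK32 = 0xFFFFFFFF


def _round_keys(key: int) -> List[int]:
    """Toy key schedule: 16 32-bit subkeys from one 56-bit key (stand-in for DES PC-1/PC-2)."""
    assert 0 <= key < (1 << KEY_BITS), "key must fit in 56 bits"
    kb = key.to_bytes(7, "big")
    return [int.from_bytes(hashlib.sha256(kb + bytes([r])).digest()[:4], "big")
            for r in range(ROUNDS)]


def _f(half: int, subkey: int) -> int:
    """Toy round function (stand-in for DES expansion, S-boxes and permutation)."""
    return int.from_bytes(hashlib.sha256((half ^ subkey).to_bytes(4, "big")).digest()[:4], "big")


def _feistel(block: int, subkeys: List[int]) -> int:
    """Generic Feistel network; running it with reversed subkeys inverts it, exactly as in DES."""
    assert 0 <= block < (1 << BLOCK_BITS), "block must fit in 64 bits"
    left, right = block >> 32, block & MASK32
    for sk in subkeys:
        left, right = right, left ^ _f(right, sk)
    return (right << 32) | left          # final half swap, as in DES


def encrypt_block(key: int, block: int) -> int:
    return _feistel(block, _round_keys(key))


def decrypt_block(key: int, block: int) -> int:
    return _feistel(block, _round_keys(key)[::-1])


def split_168_bit_key(key168: int) -> Tuple[int, int, int]:
    """Three-key 3DES: the 168-bit key is simply three independent 56-bit keys."""
    mask = (1 << KEY_BITS) - 1
    return (key168 >> 112) & mask, (key168 >> 56) & mask, key168 & mask


def tdes_encrypt_block(k1: int, k2: int, k3: int, block: int) -> int:
    """Sender: encrypt with K1, decrypt with K2, encrypt with K3 (E-D-E)."""
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


def tdes_decrypt_block(k1: int, k2: int, k3: int, block: int) -> int:
    """Receiver: undo the sender's steps in reverse order: D with K3, E with K2, D with K1."""
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))


def meet_in_the_middle(pt: int, ct: int, key_bits: int) -> List[Tuple[int, int]]:
    """Recover (k1, k2) for ct = E_k2(E_k1(pt)) with about 2 * 2**key_bits cipher calls
    instead of 2**(2*key_bits): tabulate E_k1(pt) for every k1, then look up D_k2(ct)
    for every k2. This trade-off is why 3DES's 168 key bits yield only ~112 bits."""
    forward: Dict[int, int] = {encrypt_block(k1, pt): k1 for k1 in range(1 << key_bits)}
    hits = []
    for k2 in range(1 << key_bits):
        mid = decrypt_block(k2, ct)
        if mid in forward:
            hits.append((forward[mid], k2))
    return hits


def demo() -> dict:
    # Constructed sample values, not taken from the original page.
    key168 = 0x0123456789ABCDEF0123456789ABCDEF0123456789
    k1, k2, k3 = split_168_bit_key(key168)
    pt = 0x4E6F772069732074                  # the 8 ASCII bytes "Now is t" as one block
    ct = tdes_encrypt_block(k1, k2, k3, pt)
    # A receiver that applies the keys in the sender's order (D K1, E K2, D K3) fails.
    wrong_order = decrypt_block(k3, encrypt_block(k2, decrypt_block(k1, ct)))
    # With K1 = K2 = K3, E-D-E collapses to single encryption under K1.
    legacy = tdes_encrypt_block(k1, k1, k1, pt)
    # Double encryption with two 8-bit toy keys falls to meet-in-the-middle.
    a, b = 0x3C, 0xA5
    hits = meet_in_the_middle(pt, encrypt_block(b, encrypt_block(a, pt)), 8)
    return {
        "roundtrip_ok": tdes_decrypt_block(k1, k2, k3, ct) == pt,
        "wrong_order_ok": wrong_order == pt,
        "legacy_equals_single": legacy == encrypt_block(k1, pt),
        "mitm_found_keys": (a, b) in hits,
        "mitm_candidates": len(hits),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the file prints the checks: the round trip succeeds, the wrong receiver order does not, three equal keys give the same cipher text as single encryption, and the meet-in-the-middle search recovers the two 8-bit keys with 512 cipher calls instead of the 65,536 a naive search would need.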

TIP It is possible to increase the number of bits in a key. Note that the 1024-bit figure quoted here refers to public-key algorithms such as RSA, whose key sizes are not comparable to the 56-bit and 168-bit symmetric keys of DES and 3DES. Brute-force cracking of a 1024-bit public key is not feasible using current or reasonably foreseeable technology, and even if, based on future innovations, this becomes a weak key length, the value of the data it protects will very likely have diminished to zero by then. If you need more protection, you can increase the key size; be aware, however, that this takes a processing toll on every secure transaction.

NOTE Unbeknownst to the author of the previous tip, a mathematician named D. J. Bernstein had circulated a paper proposing special-purpose circuits for integer factoring (http://cr.yp.to/papers.html#nfscircuit) earlier in the year. At the Financial Cryptography conference held in late March 2002, it was claimed that, using his approach, 512-bit RSA keys could be broken in less than 10 minutes and that an array of hardware (cost estimate, $1 billion) could break a 1024-bit key in the same time. Two caveats apply: these figures concern factoring-based public keys, not symmetric ciphers such as DES and 3DES, and the paper proposes purpose-built circuits rather than commodity Pentium IV PCs; its cost estimates were also disputed within the cryptographic community. Even so, that price tag is well within the reach of the world's major security agencies; an NSA satellite's price tag is double that, and it has several of them.

The lessons here are two-fold. First, if your data is attractive enough to those able to afford those rapidly declining but still very large price tags, go for the biggest key your software supports. Second, authors who write tips like the previous one do so at great risk.

Encryption can be used to enable secure connections over the LAN, WAN, and World Wide Web.

The goal of DES/3DES is confidentiality: keeping the data secret from anyone who does not hold the key. Encryption alone does not guarantee integrity (that the data has not been modified in any form in transit) or authentication (that the source or destination is indeed the proper host device); those properties come from separate mechanisms used alongside the cipher, such as keyed hashes (HMAC) for integrity and the peer authentication performed during key exchange. Another encryption standard in common use today is widely regarded as the new industry standard, namely AES, which replaced DES as the U.S. federal standard in 2001 and should be preferred over 3DES for new deployments.
