Multiple Encryption
DES is extremely vulnerable to a brute-force attack, especially with the power of computers today. While AES is a valid alternative to DES, another solution is to apply DES multiple times. Double DES has two encryption stages and two keys, which gives a key length of 112 bits (56 x 2). Double DES has been proven to produce numerous new mappings that cannot be generated from a single application of DES.
Double DES is, however, weak against a different type of attack. A meet-in-the-middle attack reduces the number of brute-force trials that are needed to break the encryption. It only works when there is a known plaintext/ciphertext pair. The attacker first encrypts the plaintext with all possible values for the first key and stores the results in a sorted table. Next, the ciphertext is decrypted using all possible values of the second key, and each decryption is looked up in the table for a match. Once a match is found, the two keys are tested against a new known plaintext/ciphertext pair to ensure the keys are correct.
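The attack described above, as an added example that is not part of the original lesson: it runs against a toy 16-bit Feistel cipher with 12-bit keys standing in for DES, and shows that breaking double encryption costs about 2 x 2^12 cipher operations rather than 2^24. The cipher, key size, function names and sample keys are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

KEY_BITS = 12   # toy key size (DES uses 56); assumption for the demo
ROUNDS = 4

def _f(key, rnd, half):
    # Round function of the toy cipher: one byte of SHA-256(key, round, half).
    data = key.to_bytes(2, "big") + bytes([rnd, half])
    return hashlib.sha256(data).digest()[0]

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (surviving key pairs, number of middle-value matches)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)          # hash table in place of a sorted table
    for k1 in range(1 << KEY_BITS):    # stage 1: encrypt p0 under every k1
        table[encrypt(k1, p0)].append(k1)
    matches, survivors = 0, []
    for k2 in range(1 << KEY_BITS):    # stage 2: decrypt c0 under every k2
        for k1 in table.get(decrypt(k2, c0), ()):
            matches += 1               # most matches are coincidences
            # confirm the candidate against the remaining known pairs
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                survivors.append((k1, k2))
    return survivors, matches

def demo():
    k1, k2 = 0x3A7, 0xC15              # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    survivors, matches = meet_in_the_middle(pairs)
    work = 2 * (1 << KEY_BITS)         # cipher calls in stages 1 and 2
    return (k1, k2), survivors, matches, work

if __name__ == "__main__":
    true_keys, survivors, matches, work = demo()
    print(f"true={true_keys} survivors={survivors} matches={matches} work={work}")
```

With 2^24 possible key pairs and a 16-bit block, roughly 2^8 coincidental matches are expected from the first pair alone, which is why the candidates are checked against a second known pair.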
The video below is not required, but you can watch some or all of it to learn more about meet-in-the-middle attacks.
Triple DES is the standard way of mitigating a meet-in-the-middle attack. 3DES is typically used with two keys, but recently three-key 3DES has been adopted by some applications for added security. The first and last segments of 3DES are encryption, while the middle segment is decryption. Key management standards ANSI X9.17 and ISO 8732 use two-key 3DES, while internet applications such as PGP and S/MIME have adopted three-key 3DES. The diagram below shows two-key 3DES, but the three-key diagram should be easy to picture.
It is important that DES be implemented properly. Using a multiple encryption scheme such as 3DES is not enough if there are security issues with the plaintext or the key. Part of the hack of Target in 2013 was due to PINs being padded with 0's before they were encrypted, which weakened the algorithm's security. The video below explains some other key points for implementing DES encryption.