I'd like to point out that 2-key TDES is still the standard for banking cryptography and that almost nothing in payment card or related security uses anything else - in fact, some standards (like DUKPT) do not support 3-key TDES at all. The confusion is because the best attacks on 2-key TDES require the attacker to have access to certain information that is generally unavailable in banking transactions, key management, etc.

A good reference for what algorithms and key lengths to use (and why) is ISO TR 14742, "Financial services — Recommendations on cryptographic algorithms and their use". Here is a paragraph from that explaining when 2-key TDES is OK and when it is not:

------ begin excerpt ------

The recommended end date for use of 2-key Triple DES (TDEA with keying option 1) ranges from 2010 to 2030. Which date is appropriate for a given implementation depends on the way in which the keys are being used in that implementation. If the key usage provides a potential attacker with a large number of plaintext-ciphertext pairs for the same key (e.g. 1,000,000,000,000 ≈ 2**40 pairs), the security of the key is approximately 80 bits and hence the recommended use is until 2010. If only a few (less than 256) pairs are available, it may be acceptable to continue use until 2030.

------ end excerpt ------
