> I've just been reading about recommended and deprecated encryption and
> tripped over a nist document
> (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf)
> that distinguishes between 2key and 3key 3DES saying that the former is
> deprecated after 2015 but the latter is still acceptable.

2-key 3DES provides about 80 bits of security, while 3-key 3DES provides about 112 bits.

> Is this distinguishable in openssl? I.e. if we negotiate
> TLS_RSA_WITH_3DES_EDE_CBC_SHA does it always use the 3-key version?

TLS cipher suites, like TLS_RSA_WITH_3DES_EDE_CBC_SHA, use the 3-key version. Also see RFC 5246, https://tools.ietf.org/html/rfc5246, and the discussion of "Data Encryption Standard" on page 79:

    DES can also be operated in a mode [3DES] where three independent
    keys and three encryptions are used for each block of data; this uses
    168 bits of key (24 bytes in the TLS key generation method) and
    provides the equivalent of 112 bits of security.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
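
An added example, not part of the original post and not OpenSSL code: a 24-byte key is only 3-key 3DES if its three 8-byte sub-keys really differ, so this check classifies key material by the keying option it amounts to. The function name, the labels and the sample keys are constructed for illustration; the 80 and 112 bit figures are the ones quoted in the thread.

```python
# Added example: classify Triple-DES (EDE) key material by effective keying option.
# Names and sample keys are hypothetical, constructed for this illustration.

# Approximate strength in bits: 112 and 80 as stated in the thread, 56 for plain DES.
STRENGTH_BITS = {"3-key": 112, "2-key": 80, "single-des": 56}

def strip_parity(subkey: bytes) -> bytes:
    """DES uses only the top 7 bits of each key byte; the low bit is parity."""
    return bytes(b & 0xFE for b in subkey)

def classify_3des_key(key: bytes) -> str:
    """Return '3-key', '2-key' or 'single-des' for 16- or 24-byte key material."""
    if len(key) == 16:
        # The 16-byte form is 2-key 3DES by definition: K3 is a copy of K1.
        key = key + key[:8]
    if len(key) != 24:
        raise ValueError("3DES key material must be 16 or 24 bytes")
    k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    # EDE is E_K3(D_K2(E_K1(P))): if K1 == K2 or K2 == K3, two stages cancel
    # and what remains is one DES encryption.
    if k1 == k2 or k2 == k3:
        return "single-des"
    # K1 == K3 with a different K2 is the 2-key variant, even in 24 bytes.
    if k1 == k3:
        return "2-key"
    return "3-key"

if __name__ == "__main__":
    # Constructed sample sub-keys (not real key material).
    ka = bytes(range(0x01, 0x09))
    kb = bytes(range(0x11, 0x19))
    kc = bytes(range(0x21, 0x29))
    samples = {
        "three distinct sub-keys": ka + kb + kc,
        "K3 repeats K1": ka + kb + ka,
        "K3 is K1 with flipped parity bits": ka + kb + bytes(b ^ 1 for b in ka),
        "K2 repeats K1": ka + ka + kc,
        "16-byte material": ka + kb,
    }
    for label, key in samples.items():
        kind = classify_3des_key(key)
        print(f"{label}: {kind} (~{STRENGTH_BITS[kind]} bits)")
```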