Triple DES (also 3DES) is the encrypt-decrypt-encrypt
EDE mode[?] of the
Data Encryption Standard (DES) cipher algorithm.
The encryption is done by
- C = encryptk3(decryptk2(encryptk1(P))).
with
- P ... plaintext
- C ... ciphertext
- ki ... key #i
- encrypt, decrypt ... DES
Because DES is not a
group, using it in EDE mode will increase its key size by a factor 3 (or 2 in the case of k
1 = k
3); in the case of DES this totals to 168 (or 112) bits.
If k
1 = k
2 or k
2 = k
3, triple DES is equal to DES.
The use of three steps is essential to prevent meet in the middle[?] attacks.
The choice of decryption for the middle step (as opposed to encryption) does not affect the security of the algorithm but instead lets tools that implement triple DES interoperate with legacy single DES tools.
See also: