The simplest variant of TDES operates as follows: , where is the message block to be encrypted and , , and are DES keys. This variant is commonly known as EEE because all three DES operations are encryptions. In order to simplify interoperability between DES and TDES the middle step is usually replaced with decryption (EDE mode): and so a single DES encryption with key can be represented as TDES-EDE with . The choice of decryption for the middle step does not affect the security of the algorithm.
The best attack known on 3-key TDES requires around 232 known plaintexts, 2113 steps, 290 single DES encryptions, and 288 memory (the paper presents other tradeoffs between time and memory). This is not currently practical and NIST considers 3-key TDES to be appropriate through 2030 . If the attacker seeks to discover any one of many cryptographic keys, there is a memory-efficient attack which will discover one of 228 keys, given a handful of chosen plaintexts per key and around 284 encryption operations.
By design, DES and therefore TDES, suffer from slow performance in software; on modern processors, AES tends to be around six times faster. TDES is better suited to hardware implementations, and indeed where it is still used it tends to be with a hardware implementation (e.g., VPN appliances and the Nextel cellular and data network), but even there AES outperforms it. Finally, AES offers markedly higher security margins: a larger block size and potentially longer key.
An optimization model for locating fuel treatments across a landscape to reduce expected fire losses.(Report)
Apr 01, 2008; Abstract: Locating fuel treatments with scarce resources is an important consideration in landscape-level fuel management. This...