Security comparison of 3DES and AES

  • Which one is more secure and least likely to be broken through cryptanalysis, AES or 3DES (no matter the performance)?

    I need to use encryption for my projects to store and secure sensitive information which includes bank accounts, sort codes, and third party data related bank. I am currently considering using 3DES in CFB mode, but I am not very sure if it is the best option and what are other alternatives.

    I know the title does not give much idea what the question is about, but I couldn't think of something better.

  • Go for AES.

    AES is the successor of DES as the standard symmetric encryption algorithm for US federal organizations. AES uses keys of 128, 192 or 256 bits, although 128-bit keys provide sufficient strength today. It uses 128-bit blocks, and is efficient in both software and hardware implementations. It was selected through an open competition involving hundreds of cryptographers during several years.

    DES is the previous "data encryption standard" from the seventies. Its key size is too short for proper security. The 56 effective bits can be brute-forced, and that was done more than ten years ago. DES uses 64-bit blocks, which poses some potential issues when encrypting several gigabytes of data with the same key.

    3DES is a way to reuse DES implementations, by chaining three instances of DES with different keys. 3DES is believed to still be secure because it requires 2^112 operations which is not achievable with foreseeable technology. 3DES is very slow especially in software implementations because DES was designed for performance in hardware.

    Resources: (offline, still in the Web Archive)

    @AndreyBotalov: for the case AES, this is a quite biased view. At the time of the AES selection process (I was there!), after having assembled lots of analysis to the effect that 13 of the 15 candidates looked "rock solid", a lot of performance measurements were done, and Rijndael was one of the "fast" ciphers. Actually it was the one which was the most consistently fast across many architectures, and that was very instrumental in its choice. RC6 was faster _on a PC_ but a PC is the last platform to have real encryption performance issues. AES beats RC6 on smartcards and small ARM/MIPS.

    Plus we now have AES extensions in modern processors, which can massively increase the speed of the cipher.
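The block-size and key-size figures in the answer above can be put into numbers. The following is an added example, not part of the original thread: it applies the standard birthday-bound estimate to 64-bit and 128-bit blocks (in CBC or CFB mode a repeated ciphertext block under one key reveals the XOR of two plaintext blocks) and estimates exhaustive key search time. The search rate of 10^12 keys per second is an assumption chosen for illustration.

```python
import math

def collision_probability(data_bytes: float, block_bits: int) -> float:
    """Birthday-bound estimate that two ciphertext blocks collide under one key."""
    n = data_bytes / (block_bits // 8)            # number of blocks encrypted
    exponent = -n * (n - 1) / 2 ** (block_bits + 1)
    return -math.expm1(exponent)                  # 1 - e^x, accurate for tiny x

def data_limit_bytes(block_bits: int, max_probability: float) -> float:
    """Bytes that can be encrypted under one key before the collision
    probability exceeds max_probability (inverse of the estimate above)."""
    n = math.sqrt(-math.log1p(-max_probability) * 2 ** (block_bits + 1))
    return n * (block_bits // 8)

def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Expected years of exhaustive search (half the key space on average)."""
    return 2 ** (key_bits - 1) / keys_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    GIB = 2 ** 30
    RATE = 1e12  # assumed attacker speed in keys/second, for illustration only
    for name, bits in (("DES/3DES, 64-bit block", 64), ("AES, 128-bit block", 128)):
        for gib in (1, 32, 1024):
            p = collision_probability(gib * GIB, bits)
            print(f"{name}: {gib:>4} GiB under one key -> p = {p:.3e}")
        limit = data_limit_bytes(bits, 2 ** -32)
        print(f"{name}: keep p below 2^-32 -> rekey after {limit:.3e} bytes")
    # Effective strengths as stated in the answer: 56, 112 and 128 bits.
    for name, bits in (("DES", 56), ("3DES", 112), ("AES-128", 128)):
        print(f"{name}: {brute_force_years(bits, RATE):.3e} years at {RATE:.0e} keys/s")
```

With 64-bit blocks the collision probability is already about 39% after 32 GiB under one key, while for 128-bit blocks it stays negligible at the same volume.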

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM