DES uses the Lucifer algorithm to encrypt and decrypt sensitive but unclassified data.
The key size is 64 bits, but 8 of them are parity bits (one bit in each byte is a parity bit), so the actual key size is 56 bits. DES is a block cipher and uses blocks of 64 bits. Each block is encrypted in 16 rounds using transposition and substitution.
The Lucifer algorithm was made as a 128-bit encryption, but NSA and NIST were afraid the Work Factor was so high that they would not be able to decrypt data encrypted with it, so they remade it into a 64-bit version. Lucifer is quite old, and at the time it was written the CPU power available to NSA was nothing compared to the present day. The 64-bit version of Lucifer is called DEA - Data Encryption Algorithm.
The Work Factor is an estimate of the effort it would take an attacker to compromise a Cryptosystem. The Cryptosystem is the mechanism that carries out the encryption and decryption process. This includes the algorithm, key, software etc.
For integrity and authentication DES uses a MAC - Message Authentication Code, which is just a digest from a hashing process that combines the clear text and a symmetric key. Note that this is host authentication and not user authentication, as a symmetric key is not bound to a user but to a host. For user authentication you would need a public/private key pair.
DES can work in several different modes:
One mode is CBC - Cipher Block Chaining mode which uses the previously encrypted block of data to encrypt the next one.
The ECB - Electronic Code Book mode does not use previously encrypted blocks of data to encrypt the next one. This results in less random data, and this mode should only be used for small amounts of data like PIN codes or challenge/response processes.
The CFB - Cipher FeedBack mode lets the encryption process simulate a stream cipher instead of a block cipher. This mode uses an IV - Initialization Vector for the first round, followed by chaining. The IV is added to ensure the output is random.
The OFB - Output FeedBack mode works like the CFB mode, except that it does not use the last encrypted block but data generated from the Key Stream Generator.
Using 3DES, also called Triple DES, is the same as using DES except that the process is done three times.
There are four ways of doing this:
- EEE3, which is Encrypt, Encrypt and Encrypt. Three different keys are used.
- EEE2, which is Encrypt, Encrypt and Encrypt. Two different keys are used. The first and last encryption processes use the same key.
- EDE3, which is Encrypt, Decrypt and Encrypt. Three different keys are used. The decryption process actually encrypts the data further, as it is being decrypted with the wrong key.
- EDE2, which is Encrypt, Decrypt and Encrypt. Two different keys are used. The first and last encryption processes use the same key.
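The ECB and CBC modes and the EDE construction described above, as an added example that is not part of the original notes. Real DES is not in the Python standard library, so the block cipher is a stand-in: a 64-bit, 16-round Feistel cipher with a SHA-256 round function. All function names, keys and sample data are assumptions, and input must be a multiple of 8 bytes because no padding is implemented.

```python
import hashlib, os

BLOCK = 8  # bytes: 64-bit block, the DES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(half, key, rnd):
    # Stand-in round function (assumption): SHA-256, not the real DES S-boxes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, block, rounds=range(16)):     # 16 Feistel rounds, as in DES
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, xor(left, round_fn(right, key, rnd))
    return right + left

def decrypt_block(key, block):                       # same rounds in reverse order
    return encrypt_block(key, block, range(15, -1, -1))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    # Each block is encrypted on its own, so equal input blocks stay equal.
    return b"".join(encrypt_block(key, b) for b in blocks(data))

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in blocks(data):
        prev = encrypt_block(key, xor(b, prev))      # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)

def ede_encrypt(k1, k2, k3, block):                  # EDE3; pass k3 = k1 for EDE2
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))

def ede_decrypt(k1, k2, k3, block):                  # inverse: D(k1) E(k2) D(k3)
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))

def distinct_blocks(data):
    return len(set(blocks(data)))

SAMPLE = b"PIN=1234" * 3                             # constructed: three equal blocks

if __name__ == "__main__":
    key, iv = b"demo-key", os.urandom(BLOCK)         # constructed key, random IV
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, SAMPLE)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(key, iv, SAMPLE)))
```

Under ECB the three equal plaintext blocks collapse to one repeated ciphertext block, while CBC produces three different ones.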
DES and, of course, 3DES are considered symmetric, as the same key is used for both encryption and decryption.
2DES was abandoned as it had around the same Work Factor as DES.