From: Arne Vajhøj on
Kenneth P. Turvey wrote:
> On Sat, 21 Jun 2008 23:26:10 -0400, Arne Vajhøj wrote:
>>> Yeah, use triple DES. It has just as good security (potentially
>>> better) and is supported. Its only disadvantage is that it is slower.
>> 3DES is not potentially better than AES.
>>
>> With long keys AES is better than 3DES.
>
> And with short keys it is roughly equivalent. There are a number of
> concerns about the security of AES that don't exist for 3DES. Given that
> the security of these ciphers is really a matter of making it more
> expensive for someone to break the security than to find other ways of
> getting the information, whether AES is better than 3DES really depends
> on what you are securing.
>
> The key length of AES may be set to 128 bits. The key length of 3DES is
> 112 bits. Given that there are suspected weaknesses in AES that may
> reduce the real key length it _may_ be that 3DES is better than AES. We
> probably won't know for sure for decades.

AES can be used with 128/192/256 bits. 3DES is 168 bit (with security
equivalent to 112 bit, it is claimed).

AES is approved by NSA for secret information with 128/192/256 and top
secret with key size 192/256 (if they review the implementation). 3DES
is not.

I think there is every indication that AES is significantly better
than 3DES.

And the industry trend is very clear - there is a switch from 3DES to
AES (even though it will take a long time before the last 3DES app is
gone).

> The reality is that for the kinds of data the poster was looking to
> encrypt, i.e. the kind of data you ask people on USENET how to encrypt,
> 3DES is just as good as AES. If you also take into account the fact that
> it is easily supported by the API then it makes it a win.

The Java API for 3DES and AES is the exact same, so I cannot follow
that argument.

Arne
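
The point above that the Java API is the same for both ciphers, as an added example that is not part of the original thread: one JCE code path run with "DESede" (the JCE name for 3DES) and with "AES", where only the algorithm name and key size change. The class name `SameApiDemo`, the helper `roundTrip` and the sample message are assumptions made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SameApiDemo {
    // Hypothetical helper: generate a key, encrypt, decrypt, compare.
    // Nothing in here is specific to 3DES or AES except the arguments.
    static boolean roundTrip(String algorithm, int keyBits, byte[] plaintext) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        kg.init(keyBits);                          // 168 for DESede; 128/192/256 for AES
        SecretKey key = kg.generateKey();

        // CBC gives confidentiality only; integrity needs a separate MAC.
        String transformation = algorithm + "/CBC/PKCS5Padding";
        Cipher enc = Cipher.getInstance(transformation);
        byte[] iv = new byte[enc.getBlockSize()];  // 8 bytes for DESede, 16 for AES
        new SecureRandom().nextBytes(iv);          // fresh random IV per message
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = enc.doFinal(plaintext);

        Cipher dec = Cipher.getInstance(transformation);
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] recovered = dec.doFinal(ciphertext);

        System.out.printf("%-6s key=%3d bits, block=%2d bytes, ciphertext=%d bytes%n",
                algorithm, keyBits, enc.getBlockSize(), ciphertext.length);
        return Arrays.equals(plaintext, recovered);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        boolean ok = roundTrip("DESede", 168, msg)
                && roundTrip("AES", 128, msg)
                && roundTrip("AES", 256, msg);     // needs unlimited-strength policy on old JREs
        if (!ok) {
            throw new IllegalStateException("round trip failed");
        }
    }
}
```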