In TLS, what's the significance of DES CBC3 sha? 

2.0K    Asked by ranjan_6399 in SQL Server , Asked on May 27, 2024
When researching some TLS compliant software I found some mentions of DES-CBC3. Further research shows that it is probably simply a name of OpenSSL for 3DES-EDE-CBC (under section "CIPHER SUITE NAMES" which I cannot directly link to). It seems to me that executing 3DES-EDE in CBC mode is significantly different from performing DES-CBC three times so the name doesn't make any sense. Is the string DES-CBC3 only specific to (software using) OpenSSL? Is it somehow tied to a specific version of SSL / TLS? Why is it called DES-CBC3?
Answered by Ranjana Admin
DES CBC3 sha, is a shorthand for a few suites in OpenSSL (that doesn't always have an exact one to one mapping between the name used and the suite used, it constructs it from the name and the type of key used for authentication). Nowadays, this name almost always means a suite documented in RFC 6101 where it is called, a slightly better name : SSL_RSA_WITH_3DES_EDE_CBC_SHA. I have no idea how OpenSSL came with its shorthand (and I suspect it dates from before OpenSSL was OpenSSL), but it's a pretty bad one.

The RFC name gives you the hint that it's using 3DES (Triple-DES) in EDE mode.

3DES-EDE is using 3 56 bit keys, the first used in Encryption, the second in Decryption, the third in Encryption. This construct has the advantage that if all three keys are identical, you have DES, which is nice as it permits you to reuse the same hardware to do DES and 3DES.

To answer each point

Only OpenSSL calls it that, not the name used in the actual standard
Valid from SSLv3 and up
You'd need to read the history of OpenSSL back when it was libeay, this is extremely old code, this was likely a mistake but it stuck.

Your Answer

Answer (1)

DES CBC3 SHA refers to a specific combination of cryptographic algorithms used in the context of Transport Layer Security (TLS) to ensure secure communication over a network. Let's break down each component to understand its significance:


DES: Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of digital data. It was developed in the 1970s and widely adopted, though it's considered weak by today's standards due to its relatively short key length (56 bits).

CBC: Cipher Block Chaining (CBC) is a mode of operation for block ciphers. It provides confidentiality by chaining together blocks of ciphertext, so each ciphertext block depends on all preceding plaintext blocks. This makes it more secure against certain types of attacks compared to simpler modes like Electronic Codebook (ECB).

3DES (Triple DES): This is an enhancement over DES to improve security. It involves applying the DES algorithm three times to each data block: encrypting with one key, decrypting with a second key, and then encrypting again with a third key (or the same key, depending on the configuration). This significantly increases the key length (effectively 168 bits) and thus the security, although it's more computationally intensive.

SHA: Secure Hash Algorithm (SHA) is a family of cryptographic hash functions designed to provide data integrity by producing a fixed-size hash value from input data. In the context of TLS, SHA is typically used for creating message digests to ensure data integrity and authenticity.

Significance in TLS

Security: The combination of 3DES and CBC provides a robust mechanism for ensuring confidentiality and integrity of data transmitted over a network. While DES alone is not secure by modern standards, 3DES improves security significantly by mitigating weaknesses through multiple rounds of encryption.

Data Integrity: SHA ensures that the data has not been tampered with during transmission. Any alteration of the data would result in a different hash value, which can be detected by the receiver.

Legacy Support: Despite newer and more secure alternatives like AES (Advanced Encryption Standard) being available, DES CBC3 SHA is sometimes still supported for compatibility with older systems and for compliance with specific standards that require its use.

Summary

DES CBC3 SHA in TLS refers to using the Triple DES encryption algorithm in CBC mode, along with SHA for hashing. This combination ensures confidentiality, integrity, and compatibility, although it's generally considered less secure than more modern algorithms like AES. Its use in TLS highlights the balance between maintaining security and providing compatibility with older systems.

4 Months

Interviews

Parent Categories