1
  
2
  
3
  
4
  
5
  
6
  
7
  
8
  
9
  
10
  
11
  
12
  
13
  
14
  
15
  
16
  
17
  
18
  
19
  
20
  
21
  
22
  
23
  
24
  
25
  
26
  
27
  
28
  
29
  
30
  
31
  
32
  
33
  
34
  
35
  
36
  
#pike __REAL_VERSION__ 
#pragma strict_types 
#require constant(Nettle.DES3) 
 
//! The inadequate key size of @[DES] has already been mentioned. One 
//! way to increase the key size is to pipe together several DES boxes 
//! with independent keys. It turns out that using two DES ciphers is 
//! not as secure as one might think, even if the key size of the 
//! combination is a respectable 112 bits. 
//! 
//! The standard way to increase DES's key size is to use three DES 
//! boxes. The mode of operation is a little peculiar: the middle DES 
//! box is wired in the reverse direction. To encrypt a block with 
//! DES3, you encrypt it using the first 56 bits of the key, then 
//! decrypt it using the middle 56 bits of the key, and finally 
//! encrypt it again using the last 56 bits of the key. This is known 
//! as "ede" triple-DES, for "encrypt-decrypt-encrypt". 
//! 
//! The "ede" construction provides some backward compatibility, as 
//! you get plain single DES simply by feeding the same key to all 
//! three boxes. That should help keeping down the gate count, and the 
//! price, of hardware circuits implementing both plain DES and DES3. 
//! 
//! DES3 has a key size of 168 bits, but just like plain DES, useless 
//! parity bits are inserted, so that keys are represented as 24 
//! octets (192 bits). As a 112 bit key is large enough to make brute 
//! force attacks impractical, some applications uses a "two-key" 
//! variant of triple-DES. In this mode, the same key bits are used 
//! for the first and the last DES box in the pipe, while the middle 
//! box is keyed independently. The two-key variant is believed to be 
//! secure, i.e. there are no known attacks significantly better than 
//! brute force. 
 
inherit Nettle.DES3;