#pike __REAL_VERSION__ #pragma strict_types
//! The inadequate key size of @[DES] has already been mentioned. One //! way to increase the key size is to pipe together several DES boxes //! with independent keys. It turns out that using two DES ciphers is //! not as secure as one might think, even if the key size of the //! combination is a respectable 112 bits. //! //! The standard way to increase DES's key size is to use three DES //! boxes. The mode of operation is a little peculiar: the middle DES //! box is wired in the reverse direction. To encrypt a block with
//! DES3 has a key size of 168 bits, but just like plain DES, useless //! parity bits are inserted, so that keys are represented as 24 //! octets (192 bits). As a 112 bit key is large enough to make brute //! force attacks impractical, some applications uses a "two-key" //! variant of triple-DES. In this mode, the same key bits are used //! for the first and the last DES box in the pipe, while the middle //! box is keyed independently. The two-key variant is believed to be //! secure, i.e. there are no known attacks significantly better than //! brute force.
#if constant(Nettle) && constant(Nettle.DES3)