71

Which one is more secure and least likely to be broken through cryptanalysis, AES or 3DES (regardless of performance)?

I need to use encryption for my projects to store and secure sensitive information, which includes bank accounts, sort codes, and third-party bank-related data. I am currently considering using 3DES in CFB mode, but I am not very sure if it is the best option or what the other alternatives are.

I know the title does not give much idea what the question is about, but I couldn't think of something better.

makerofthings7
DaGhostman Dimitrov

2 Answers

77

Go for AES.

AES is the successor of DES as the standard symmetric encryption algorithm for US federal organizations. AES uses keys of 128, 192 or 256 bits, although 128-bit keys provide sufficient strength today. It uses 128-bit blocks and is efficient in both software and hardware implementations. It was selected through an open competition involving hundreds of cryptographers over several years.

DES is the previous "data encryption standard" from the seventies. Its key size is too short for proper security. The 56 effective bits can be brute-forced, and that was done more than ten years ago. DES uses 64-bit blocks, which poses some potential issues when encrypting several gigabytes of data with the same key.

3DES is a way to reuse DES implementations, by chaining three instances of DES with different keys. 3DES is believed to still be secure because it requires 2^112 operations, which is not achievable with foreseeable technology. 3DES is very slow, especially in software implementations, because DES was designed for performance in hardware.

Resources:
http://www.differencebetween.net/technology/difference-between-aes-and-3des
http://www.icommcorp.com/downloads/Comparison%20AES%20vs%203DES.pdf (offline, still in the Web Archive)

forest
Cristian Dobre
  • 2
  • 12
    @AndreyBotalov: for the case of AES, this is a quite biased view. At the time of the AES selection process (I was there!), after having assembled lots of analysis to the effect that 13 of the 15 candidates looked "rock solid", a lot of performance measurements were done, and Rijndael was one of the "fast" ciphers. Actually it was the one which was the most consistently fast across many architectures, and that was very instrumental in its choice. RC6 was faster on a PC but a PC is the last platform to have real encryption performance issues. AES beats RC6 on smartcards and small ARM/MIPS. – Thomas Pornin Jan 03 '13 at 21:12
  • 7
    Plus we now have AES extensions in modern processors, which can massively increase the speed of the cipher. – Polynomial Jan 10 '13 at 09:16
52

Neither 3DES nor AES is breakable with current technology (and foreseeable technology as well). However, you may encounter some security issues with 3DES if you encrypt more than about 32 gigabytes of data with a single key, whereas the limit is much higher with AES (this is due to the block size; 3DES uses 64-bit blocks, which can lead to trouble after processing 2^(64/2) blocks, i.e. 32 gigabytes; AES uses 128-bit blocks, for a limit of 2^(128/2) blocks, i.e. 2^68 bytes, also known as "quite a lot of data").

Since AES is also noticeably faster than 3DES, there is little reason to use 3DES for new designs.

forest
Thomas Pornin
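The block-size limits quoted in the answer above can be worked through numerically. The following is an added example, not code from either answer: it computes the birthday-bound collision probability for 64-bit and 128-bit blocks, inverts it to get a per-key data budget, and checks the square-root behaviour empirically on a scaled-down 20-bit block. The function names, the 2^-32 target and the model of ciphertext blocks as uniformly random values are assumptions made for the illustration.

```python
import math
import random

def collision_probability(data_bytes, block_bits):
    """Birthday approximation: chance that at least two ciphertext blocks
    are equal after encrypting data_bytes under a single key."""
    n = data_bytes / (block_bits // 8)            # number of blocks processed
    # p ~= 1 - exp(-n(n-1) / 2^(b+1)); expm1 keeps very small values accurate
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))

def max_bytes_per_key(block_bits, max_probability):
    """Data volume per key that keeps the collision probability at the target."""
    # Invert p = 1 - exp(-n^2 / 2^(b+1)) for n, then convert blocks to bytes.
    n = math.sqrt(-math.log1p(-max_probability) * 2.0 ** (block_bits + 1))
    return n * (block_bits // 8)

def blocks_until_collision(block_bits, rng):
    """Draw uniformly random blocks (assumed model of CBC/CFB ciphertext
    blocks) until one repeats; return how many blocks were drawn."""
    seen = set()
    while True:
        block = rng.getrandbits(block_bits)
        if block in seen:
            return len(seen) + 1
        seen.add(block)

def mean_blocks_until_collision(block_bits, trials=200, seed=1):
    """Average number of blocks to the first repeat over several trials."""
    rng = random.Random(seed)
    return sum(blocks_until_collision(block_bits, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    for name, bits in (("3DES", 64), ("AES", 128)):
        limit = 2 ** (bits // 2) * (bits // 8)    # 2^(b/2) blocks, in bytes
        print(f"{name}: 2^({bits}/2) blocks = {limit} bytes, "
              f"p(collision) = {collision_probability(limit, bits):.3f}")
        # 2^-32 is an illustrative target chosen for this example
        print(f"  bytes per key for p <= 2^-32: {max_bytes_per_key(bits, 2 ** -32):.3e}")
    # Scaled-down empirical check: a 20-bit block repeats after roughly 2^10 blocks.
    print("20-bit block, mean blocks to first repeat:",
          mean_blocks_until_collision(20), "(2^10 =", 2 ** 10, ")")
```

At exactly 2^(b/2) blocks the collision probability is already about 39%, so a practical rekeying threshold for a 64-bit block cipher sits well below 32 gigabytes.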