ExpressVPN Glossary
Triple DES
What is Triple DES?
Triple Data Encryption Standard (Triple DES or 3DES) is a symmetric block cipher algorithm that applies the DES algorithm three times to each block of data. It was designed to address known weaknesses in DES while remaining compatible with existing DES-based infrastructure.
Triple DES is now considered a legacy standard, deprecated by major standards bodies, and largely replaced by Advanced Encryption Standard (AES).
How does Triple DES work?
Triple DES encrypts data by running DES three times in sequence using separate cryptographic keys. It follows an encrypt–decrypt–encrypt (EDE) pattern:
- First encryption: The plaintext is encrypted with the first key (K1).
- Decryption stage: The output is processed using DES in decryption mode with a second key (K2).
- Final encryption: The result is encrypted once more with a third key (K3) to produce the final ciphertext.
Triple DES operates on 64-bit blocks, the same block size as DES. Repeating the algorithm increases resistance to brute force attacks compared with single DES.
Key length options in Triple DES
Triple DES supports different keying options.
| Keying option | Relationship between keys | Effective key strength |
| --- | --- | --- |
| 3-key 3DES | K1 ≠ K2 ≠ K3 | 112 bits |
| 2-key 3DES | K1 = K3 ≠ K2 | 80 bits |
| DES equivalent | K1 = K2 = K3 | 56 bits |
The 2-key and 3-key variants were commonly used in practice. The DES-equivalent option provides no additional security and is not used in modern systems.
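When auditing legacy key material, the keying option can be read directly off the key bundle. The following is an added example, not code from the original page; the function and constant names are hypothetical and the sample keys are constructed. It goes slightly beyond the table by ignoring DES parity bits and by flagging K1 = K2 or K2 = K3, where two EDE stages cancel and only a single DES pass remains.

```python
from enum import Enum


class KeyingOption(Enum):
    THREE_KEY = "3-key 3DES"
    TWO_KEY = "2-key 3DES"
    DES_EQUIVALENT = "DES equivalent"


# Effective key strength in bits, as listed in the table above.
EFFECTIVE_BITS = {
    KeyingOption.THREE_KEY: 112,
    KeyingOption.TWO_KEY: 80,
    KeyingOption.DES_EQUIVALENT: 56,
}


def split_bundle(bundle: bytes) -> tuple:
    """Split a key bundle into (K1, K2, K3) with parity bits cleared."""
    if len(bundle) == 16:  # 2-key form stores K1 || K2; K3 is K1 again
        bundle += bundle[:8]
    if len(bundle) != 24:
        raise ValueError("expected a 16- or 24-byte Triple DES key bundle")
    # The low bit of every DES key byte is parity, not key material.
    clean = bytes(b & 0xFE for b in bundle)
    return clean[0:8], clean[8:16], clean[16:24]


def classify(bundle: bytes) -> KeyingOption:
    k1, k2, k3 = split_bundle(bundle)
    # EDE computes E_K3(D_K2(E_K1(P))). If K1 == K2 the first two stages
    # cancel; if K2 == K3 the last two cancel. One DES pass remains.
    if k1 == k2 or k2 == k3:
        return KeyingOption.DES_EQUIVALENT
    if k1 == k3:
        return KeyingOption.TWO_KEY
    return KeyingOption.THREE_KEY


# Constructed sample keys (not real key material).
A = bytes.fromhex("0123456789abcdef")
B = bytes.fromhex("23456789abcdef01")
C = bytes.fromhex("456789abcdef0123")
A_PARITY_FLIPPED = bytes(b ^ 0x01 for b in A)  # same 56 key bits as A

if __name__ == "__main__":
    for name, bundle in [("A|B|C", A + B + C), ("A|B", A + B),
                         ("A|A'|C", A + A_PARITY_FLIPPED + C)]:
        option = classify(bundle)
        print(name, option.value, EFFECTIVE_BITS[option], "bits")
```

A bundle whose first two keys differ only in parity bits looks like three distinct keys on a byte comparison, which is why the parity bits are cleared before comparing.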
Why is Triple DES important?
Triple DES was introduced in the late 1990s to address known vulnerabilities in DES, particularly its short 56-bit key length, which had become susceptible to brute force attacks. It allowed organizations to improve security without completely replacing their existing DES-based infrastructure.
For several decades, Triple DES cryptography served as a transitional standard between early encryption methods and modern standards such as AES. It also demonstrated how iterative application of an existing cipher could extend its useful lifespan.
Today, its importance is mainly historical and practical, as it still appears in legacy systems and during cryptographic migrations.
Where is Triple DES used?
Most modern platforms have migrated away from Triple DES, but it still appears in older systems that have not yet been upgraded.
Legacy environments where it can still be found include the following:
- Banking infrastructure and payment card processing systems.
- Older hardware security modules (HSMs).
- Legacy enterprise applications.
- ATM networks.
- Systems undergoing gradual cryptographic modernization.
Triple DES vs. AES
AES has largely replaced Triple DES due to stronger security, larger block sizes, and significantly better performance.
| Feature | Triple DES | AES |
| --- | --- | --- |
| Block size | 64 bits | 128 bits |
| Key length | 80 bits (2-key) or 112 bits (3-key) | 128, 192, or 256 bits |
| Performance | Slower due to three encryption passes | Faster and more efficient |
| Security status | Deprecated by the National Institute of Standards and Technology (NIST); disallowed from 2024 | Current global encryption standard |
| Typical use | Legacy systems | Modern applications and protocols |