[VPN] How to calculate Key Length in DES and 3DES?

Ryan Malayter rmalayter at bai.org
Mon Feb 24 19:37:50 EST 2003

There are 95 visible characters on a US keyboard, and log2(95) = 6.55,
so there are about 6.57 bits of entropy per character. That means you
need at least 9 characters for a single-DES key, and at least 18
characters for a tripe-DES key. (In most cases the strength of a
triple-DES implementation is actually 112 bits, not 168 bits, because
the best cryptanalytic attacks against triple-DES only take 2^112

This presumes, of course, that you are using TRULY random strings of
characters, not full words. If you use words, names, or other things you
can easily remember, you are getting much lower security per character.
See www.diceware.com for more information about the entropy of common
words in a password.

You can use a source like www.random.org as a source of random
characters, but I recommend using something you control physically like
dice, coin tosses, a bingo cage, whatever. Do NOT use a random number
generator built into a programming language, unless it is specifically
designed for secure number generation, like the one in GnuPG,
Microsoft's CryptoAPI, or /dev/random on Linux.

I personally use 50-character phrases, consisting only of digits 1-6, to
create all of my sensitive passwords (like VPN shared secrets). I know
they offer 128 bits of security because they were determined solely from
50 dice tosses I controlled with my own hands. For systems which require
a key in hexadecimal format, I simply hash the list of 50 dice toss
results (3215464312...) using the SHA-1 algorithm, and use the first 32
hexadecimal letters, or as many as the system can take. If the system
can't take 32 characters, I convert it using the method found at

Also be careful about the method by which you enter a key into a device.
You may go through all the trouble to create this massively secure key
phrase, then ruin it by sending it unencrypted across a shared network
to the broswer interface of your VPN device. I generally do firewall
security configuration directly connected to the device with a crossover

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
Only the mediocre are at their best all the time.

-----Original Message-----
From: Sandeep Dhadwal [mailto:dhadwal_sandeepsingh at hotmail.com] 
Sent: Sunday, February 23, 2003 5:25 PM
To: vpn at lists.shmoo.com
Subject: [VPN] How to calculate Key Length in DES and 3DES?

Hi All,

I would like to what is the key length in DES and 3 DES.  I know that
supports 56 bit and 3DES 168 bit keys.  But I want to know how many 
characters we can use in both and also how to calculate the length of

Sandeep Singh Dhadwal

The new MSN 8: smart spam protection and 2 months FREE*  

VPN mailing list
VPN at lists.shmoo.com

More information about the VPN mailing list