Could DES/3DES, Please Leave the Stage — Before The End of the Year, if possible?
But, financial cryptography holds steady on 3DES
In 2017, NIST outlined that the use of Triple DES (aka TDEA/TDES) would be gone by the end of 2023. And, just the other day, the industry was put on a warning that DES and 3DES should be gone by the start of 2024 [here]:
But, the magical cipher still exists in smart cards for the banking industry, and in many other areas. The industry was told in 2019, that it would be deprecated throughout 2023, and disallowed after 31 December 2023. But, still, it exists, especially with smart cards. Overall, TDEA will still be allowed for the decryption, key unwrapping, and verification of MACs that have already been used to protect data.
But, for most applications, the migration is fairly easy, but in finance cryptography, we need to beware of disruptions, and so in the use of 3DES in finance, especially with smart bank cards, the advancement to AES has been slow. We also have a long-tail of migrations, and you just can’t just flick a switch and migrate all the smart cards in the world to AES.
