Is the 3DES algorithm secure?

NIST still recognizes 3DES (ANSI X9.52-1998) as a secure symmetric-key encryption algorithm when configured to operate as described in NIST SP 800-20. There were still Cryptographic Algorithm Validation Program (CAVP) certificates issued for 3DES in 2016. However, many open source projects (e.g. OpenSSL) and international certification standards (e.g. Common Criteria) have already deprecated 3DES.

3DES is being phased out because of various vulnerabilities (e.g. collision attacks like Sweet32). While there are still ways to compensate (e.g. frequent rekey, disabling CBC mode) to prolong its life, there is no good reason not to switch to AES.

So are you vulnerable RIGHT NOW? Not if you correctly implemented and configured 3DES. Should you be planning your move to AES? Absolutely! It is only a matter of time until 3DES is too broken to be considered secure.


3DES is anyway an old algorithm which has many known loopholes like slowness, a meet-in-the-middle vulnerability, etc. The world has adopted AES nowadays. In short, it is difficult to win an argument in favour of 3DES. But if, for any reason, you have to implement it (legacy or incompatibility issues), I suggest you take a look at NIST SP 800-67; these are the recommendations for 3DES\3DEA. Check the usage guidance (3.5 Usage Guidance) and ensure that you are in sync.

Second would be to have a look at "NIST Special Publication 800-57", which is a recommendation for key management. NIST has approved 3DES-CBC (Cipher Block Chaining) as mentioned in this paper.

In case you want to change your cryptography library, check its FIPS 140 validation status. That way you can ensure that best practices are being followed. Crypto++, as suggested by @Kirill, seems to have passed some FIPS validation for some algorithms.


3DES's official status was downgraded by NIST in the fall of 2017. According to SP 800-67 Rev. 2, the amount of data to be encrypted by a single, 3-key set must be limited to 8Gb. Also, the version of 3DES that uses only two unique keys is now entirely deprecated.

The suitability of an algorithm for a particular use case is determined by the strength of the algorithm against known attacks and an estimate of how long the encryption must remain strong. 3DES strength is described based on its effective key length of 112 bits, which is the weakest allowable symmetric encryption algorithm. Since multiple attacks have been demonstrated, its longevity must be considered very questionable. I don't know what NIST FISMA says about this point today, but IMPO, 3DES cannot be viewed as strong protection for anything that will be kept any length of time.
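
An added example, not taken from any of the answers: the birthday-bound arithmetic behind Sweet32-style block collisions on a 64-bit block cipher, plus a per-key block counter that enforces the "frequent rekey" and per-key data limit mentioned above. The function and class names and the 2^-32 risk threshold are assumptions chosen for illustration, not values from a standard.

```python
import math

def collision_probability(blocks: int, block_bits: int) -> float:
    """Birthday-bound estimate that any two of `blocks` cipher blocks collide."""
    # p ~= 1 - exp(-n(n-1) / 2^(b+1)); expm1 keeps precision when p is tiny.
    return -math.expm1(-(blocks * (blocks - 1)) / 2.0 ** (block_bits + 1))

def max_blocks_for_risk(block_bits: int, max_probability: float) -> int:
    """Largest block count whose collision estimate stays <= max_probability."""
    # Invert the estimate above, then step down to absorb rounding error.
    n = int(math.sqrt(-(2.0 ** (block_bits + 1)) * math.log1p(-max_probability)))
    while n > 0 and collision_probability(n, block_bits) > max_probability:
        n -= 1
    return n

class KeyUsageBudget:
    """Counts blocks encrypted under one key; refuses work past the budget."""
    def __init__(self, block_bytes: int, max_blocks: int):
        self.block_bytes, self.max_blocks, self.used = block_bytes, max_blocks, 0

    def consume(self, nbytes: int) -> bool:
        """Reserve room for nbytes of plaintext; False means rekey first."""
        blocks = -(-nbytes // self.block_bytes)  # ceiling division
        if self.used + blocks > self.max_blocks:
            return False
        self.used += blocks
        return True

    def rekey(self) -> None:
        """Call after a fresh key has been installed."""
        self.used = 0

if __name__ == "__main__":
    # Same data volume, 64-bit block (3DES) versus 128-bit block (AES).
    for bits in (64, 128):
        p = collision_probability(2 ** 32, bits)
        print(f"{bits}-bit block, 2^32 blocks: p(collision) ~= {p:.3g}")
    limit = max_blocks_for_risk(64, 2 ** -32)  # constructed risk threshold
    budget = KeyUsageBudget(block_bytes=8, max_blocks=limit)
    print("blocks per key:", limit, "| 1 MiB fits:", budget.consume(1 << 20))
```
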