3.2.3 How does one use DES securely?
When using DES, there are several practical considerations that can affect the security of the encrypted data. One should change DES keys frequently, in order to prevent attacks that require sustained data analysis. In a communications context, one must also find a secure way of communicating the DES key from the sender to the receiver. Use of the RSA algorithm (see Section 3.1) or some other public-key technique for key management solves both these issues: a different DES key is generated for each session, and secure key management is provided by encrypting the DES key with the receiver's public key. The RSA system, in this circumstance, can be regarded as a tool for improving the security of DES (or any other secret-key cipher).
If one wishes to use DES to encrypt files stored on a hard disk, it is not feasible to frequently change the DES keys, as this would entail decrypting and then re-encrypting all files upon each key change. Instead, one might employ a master DES key that encrypts the list of DES keys used to encrypt the files; one can then change the master key frequently without much effort. Since the master key provides a more attractive point of attack than the individual DES keys used on a per file basis, it might be prudent to use triple-DES (see Question 3.2.6) as the encryption mechanism for protecting the file encryption keys.
DES can be used for encryption in several officially defined modes (see Question 2.1.4), and these modes have a variety of properties. ECB (electronic codebook) mode simply encrypts each 64-bit block of plaintext one after another under the same 56-bit DES key. In CBC (cipher block chaining) mode, each 64-bit plaintext block is bitwise XORed with the previous ciphertext block before being encrypted with the DES key. Thus, the encryption of each block depends on previous blocks and the same 64-bit plaintext block can encrypt to different ciphertext blocks depending on its context in the overall message. CBC mode helps protect against certain attacks, but not against exhaustive search or differential cryptanalysis. CFB (cipher feedback) mode allows one to use DES with block lengths less than 64 bits. Detailed descriptions of the various DES modes can be found in [NIS80]. The OFB mode essentially allows DES to be used as a stream cipher.
In practice, CBC is the most widely used mode of DES, and it is specified in several standards. For additional security, one could use triple encryption with CBC (see Question 3.2.6).