After April 1, 2002 (but before April 1, 2003) any installed or replaced ATM is required
to be capable of 3DES encryption. This means the ATM must support 3DES encryption
(when required), but the ATM could be operated using standard DES encryption keys.
After April 1, 2003 (but before December 31, 2005) any installed or replaced ATM will
need to be 3DES compliant. This means the ATM must support 3DES as well as have a 3DES
encryption key installed while operating.
After December 31, 2005, all ATMs must support and use 3DES encryption. ATMs already
in operation prior to this date will be required to be upgraded to use 3DES encryption.
April 1, 2005: All online host interfaces that are MasterCard/Cirrus/Maestro participants
will need to be using 3DES for the encryption of PIN blocks. Not all machines can
be upgraded to 3DES. Some upgrades will include the keypad, router or modem, and monitor.
If your ATM was installed prior to April of 2002 and is not 3DES compliant, it will
most likely be out of order on January 1, 2006.
Let ATMdepot.com do a free
evaluation of your ATM to make sure you're compliant.
DES is an acronym for Data Encryption Standard. Encryption is the transformation of data
into a form that is impossible to read without the appropriate knowledge or key. There
are different approaches to cryptography, such as public-key and secret-key encryption, and
different algorithms are used for each type of system. 3DES is
a cryptosystem that can encrypt and decrypt data using a single secret key.
The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted
as a national standard in 1977. 3DES is a revamped variation of this standard, created
to meet the need for higher levels of security. Because computing power has increased
substantially since 1977, the time it would take to crack standard DES has dropped, and
increased security is required.
3DES is, as the name implies, three times slower than regular DES but can be
billions of times more secure if used properly. 3DES enjoys much wider use than DES
because DES is so easy to break with today's rapidly advancing technology. In 1998
the Electronic Frontier Foundation, using a specially developed computer called the
DES Cracker, managed to break DES in less than 3 days. And this was done for under
$250,000. The encryption chip that powered the DES Cracker was capable of processing
88 billion keys per second. In addition, back in 1998 it was shown that for a cost
of one million dollars a dedicated hardware device can be built that can search all
possible DES keys in about 3.5 hours. This just serves to illustrate that any organization
with moderate resources can break through DES with very little effort these days.
No sane security expert would consider using standard DES to protect data especially
with the ever-increasing advances in computer technology.
3DES was the answer to many of the shortcomings of DES.
Since it is based on the DES algorithm, it is very easy to modify existing software
to use 3DES. It also has the advantage of proven reliability and a longer key length
that eliminates many of the shortcut attacks that can be used to reduce the amount
of time it takes to break DES.
For the foreseeable future 3DES is an excellent and reliable choice for the security
needs of highly sensitive information, including the future of PIN-enabled ATM transaction
security.
3DES is simply another mode of DES
operation. It takes three 64-bit keys, for an overall key length of 192 bits. The
procedure for encryption is exactly the same as regular DES, but it is repeated three
times. Hence the name 3DES. The data is encrypted with the first key, decrypted with
the second key, and finally encrypted again with the third key.
Consequently, 3DES runs three times slower than standard DES, but is much more secure
if used properly. The procedure for decrypting something is the same as the procedure
for encryption, except it is executed in reverse. Like DES, data is encrypted and
decrypted in 64-bit chunks.
Note that although the input key for DES is 64 bits long,
the actual key used by DES is only 56 bits in length. The least significant (rightmost)
bit in each byte is a parity bit, and should be set so that there is always
an odd number of 1’s in every byte. These parity bits are ignored, so only the seven
most significant bits of each byte are used, resulting in a key length of 56 bits.
This means that the effective key strength for 3DES is actually 168 bits because each
of the three keys contains 8 parity bits that are not used during the encryption process.
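The difference between a 3DES-capable ATM running on standard DES keys and one with real 3DES keys installed can be checked from the key material itself. The following is an added example, not code from the original page; the function names and sample keys are constructed for illustration. It goes slightly beyond the text by also recognizing the two-key case (first and third key equal), which the page does not cover.

```python
# Added example: audit a 3DES key bundle (K1, K2, K3) before it is loaded.
# Function names and the sample keys are constructed for illustration.

def has_odd_parity(key: bytes) -> bool:
    """True if every key byte contains an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Set the rightmost bit of each byte so the byte has odd parity."""
    fixed = bytearray()
    for b in key:
        high7 = b & 0xFE  # the seven bits DES actually uses
        fixed.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(fixed)

def effective_key(key: bytes) -> int:
    """Drop each byte's parity bit and pack the rest: 8 x 7 = 56 key bits."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def audit_bundle(k1: bytes, k2: bytes, k3: bytes):
    """Return (keying, key_bits, parity_ok) for E(K1) -> D(K2) -> E(K3)."""
    keys = (k1, k2, k3)
    if any(len(k) != 8 for k in keys):
        raise ValueError("each DES key must be 8 bytes (64 bits)")
    parity_ok = all(has_odd_parity(k) for k in keys)
    e1, e2, e3 = (effective_key(k) for k in keys)
    # Compare the 56 effective bits, not the raw bytes: keys that differ only
    # in their parity bits are the same DES key.
    if e1 == e2 or e2 == e3:
        # Encrypting and decrypting with one key cancel out, so a single
        # DES pass remains: the bundle is no stronger than standard DES.
        return ("single DES", 56, parity_ok)
    if e1 == e3:
        return ("two-key 3DES", 112, parity_ok)
    return ("three-key 3DES", 168, parity_ok)

K1 = bytes.fromhex("0123456789ABCDEF")  # constructed sample keys, odd parity
K2 = bytes.fromhex("23456789ABCDEF01")
K3 = bytes.fromhex("456789ABCDEF0123")

if __name__ == "__main__":
    print(audit_bundle(K1, K2, K3))
    print(audit_bundle(K1, K1, K1))
    flipped = bytes(b ^ 1 for b in K1)  # same key, every parity bit inverted
    print(audit_bundle(K1, flipped, K3))
```

The last call shows why the comparison is made on the 56 effective bits: the second key looks different byte for byte, yet the bundle still collapses to a single DES pass.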