Why does the finance industry uses 2TDEA instead of 3TDEA; is there any historic

Question

Why does the finance industry uses 2TDEA instead of 3TDEA; is there any historical reason or technical limitations like the support by HSMs used in the industry? The paper referred to here says simply that the financial industry has not considered 3TDEA as it does not offer extra security. "Triple-DES, noted as 3DES from here on, uses 2 keys, chosen independently at random, to DES encrypt a message multiple times. There are also ways to use 3DES with 3 different keys, but these schemes do not give a significant amount of extra security in theory and are not considered in financial systems." 3TDEA is supposed
to be very secure (I am not a cryptanalyst, but I want to be one), but why has it not been considered?
I think I am missing something big/fundamental here. Can you please help?
P.S: this is not my homework or anything.

Explanation / Answer

It seems to me like they do not see a need for it. It seems as if their idea is its not needed so let's not do it. The way they see it. If you are trying to keep people from opening a box and you shoot that box into space on a rocket does it matter if it lands on Mars or Pluto? While yes it's harder to reach Pluto and takes longer nobody on mars is opening your box anyway. Once people are able to reach mars maybe then they'll start thinking about Pluto but that's a bridge they'll cross when they come to it.

IMO: Banks don't like change. Updating takes time and money. More things the bank doesn't like to use. Any changes that doesn't bring profit are usually only done when they have to be. Also I'm not sure if this is the definate reason. If I am off I'll delete the answer.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.