Skip to content

Enforce 192-bit key length for TripleDES #13928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Enforce 192-bit key length for TripleDES #13928

wants to merge 1 commit into from
+72 −19

Conversation

@alex
Copy link
Member

@alex alex commented Nov 26, 2025

TripleDES now only accepts 24-byte (192-bit) keys. Users needing single DES (1-key) or two-key Triple DES compatibility must expand the key themselves:

  • Single DES (8 bytes): key + key + key
  • Two-key 3DES (16 bytes): key + key[:8]

This change removes the automatic key expansion that was previously done in the TripleDES constructor, making the key length requirement explicit and preventing accidental use of weaker key configurations.

@claude
Deprecate short TripleDES key lengths
1937220 
TripleDES now emits a deprecation warning when 8-byte (single DES) or
16-byte (two-key) keys are passed. In a future release, only 24-byte
(192-bit) keys will be accepted.

Users needing single DES or two-key Triple DES compatibility should
expand the key themselves:
- Single DES (8 bytes): key + key + key
- Two-key 3DES (16 bytes): key + key[:8]
@alex alex force-pushed the claude/enforce-tripledes-key-length-016zncCxwMyqoMNViGQ3a9JQ branch from f0177b0 to 1937220 Compare November 26, 2025 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alex @claude