I have a serious question: does anyone still use DES?
It's easy to assume that nobody does but then one finds people using all kinds of stuff like "deprecated" hashes used on old certificate signatures. If one took those hashes out, one could not check those signatures.
There is all sorts of stuff in use in industry, where it continues to run happily. If you are in the IOT space (and MbedTLS definitely is) this is a question worth asking.
Regards,
Peter
Hello,
We intend to remove DES (including Triple-DES) in the next major version of Mbed TLS, i.e. Mbed TLS 4.0. We do not yet have a release date, but at the moment it seems likely that there will be a new major version in 2024. As usual, the Mbed TLS 3.x series will keep the current support for DES, and we intend to maintain the last 3.x minor release as a long-term support branch for 3 years.
Rationale: Most security standards deprecate DES if they do not forbid it already. Tooling is widely available to switch to AES or other cipher. In particular, NIST will forbid Triple-DES except to decrypt legacy data after 31 December 2023 (following SP 800-131A https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf). We would like to remove the last 64-bit block cipher from Mbed TLS to simplify some parts of the code and reduce the maintenance burden.
If you wish for Mbed TLS to keep supporting DES longer, please let us know what your business case is, either by replying to this email or on the GitHub issue: https://github.com/Mbed-TLS/mbedtls/issues/7024
Best regards,