Formally deprecate the DES module #7024
Labels: component-crypto (Crypto primitives and low-level interfaces), enhancement, size-s (Estimated task size: small (~2d))
Triple-DES (a.k.a. 3DES a.k.a. DES3) is on its way out. NIST SP 800-131A disallows TDEA encryption after 31 December 2023 (decryption of legacy data remains allowed). 3DES was widely deprecated for TLS after Sweet32 in 2016, and we removed 3DES in TLS in Mbed TLS 3.0. Today, the main use of (3)DES in Mbed TLS is to support encrypted PEM files.
Currently (as of Mbed TLS 3.3.0), we have warnings in the documentation saying not to use single-key DES. Our plans regarding DES and 3DES are:
The goal of this task is to deprecate DES (including 3DES). That is:
\deprecated Doxygen directive. (enum constants might be excluded from \deprecated if that's a problem, because we don't exclude them from the build.)
MBEDTLS_DEPRECATED annotation.
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT (or MBEDTLS_DEPRECATED_STRING_CONSTANT if applicable).
This may require tweaking some CI scripts to disable MBEDTLS_DES_C when testing with MBEDTLS_DEPRECATED_WARNING or MBEDTLS_DEPRECATED_REMOVED.
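The issue names encrypted PEM files as the main remaining use of (3)DES, so this added example (not part of the issue and not Mbed TLS code) inventories which PEM blocks depend on DES by reading the legacy RFC 1421 DEK-Info header. The function name audit_pem, the sample input and the cipher names DES-CBC and DES-EDE3-CBC as they appear in that header are assumptions of the example.

```python
import re

# Legacy ("traditional") PEM encryption marks a block with two RFC 1421
# headers: "Proc-Type: 4,ENCRYPTED" and "DEK-Info: <cipher>,<hex IV>".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
PROC_TYPE = re.compile(r"^Proc-Type:\s*4\s*,\s*ENCRYPTED\s*$", re.MULTILINE)
DEK_INFO = re.compile(
    r"^DEK-Info:\s*([A-Za-z0-9-]+)\s*,\s*([0-9A-Fa-f]+)\s*$", re.MULTILINE)
DES_CIPHERS = {"DES-CBC", "DES-EDE3-CBC"}  # assumed header names for DES/3DES

# Constructed sample input: the base64 bodies are placeholders, not real keys.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

def audit_pem(text):
    """Return (label, cipher or None, uses_des) for every PEM block in text.

    Only the textual headers are inspected. PKCS#8 "ENCRYPTED PRIVATE KEY"
    blocks carry their algorithm inside the DER body and are not decoded here.
    """
    findings = []
    for block in PEM_BLOCK.finditer(text):
        label, body = block.group(1), block.group(2)
        cipher = None
        if PROC_TYPE.search(body):
            dek = DEK_INFO.search(body)
            cipher = dek.group(1).upper() if dek else "UNKNOWN"
        findings.append((label, cipher, cipher in DES_CIPHERS))
    return findings

if __name__ == "__main__":
    for label, cipher, uses_des in audit_pem(SAMPLE):
        print(f"{label}: cipher={cipher} needs_reencryption={uses_des}")
```

Blocks reported with uses_des set are the ones that would stop loading in a build where MBEDTLS_DES_C is disabled.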