Hugo van der Kooij

3DES getting A- rating?

Discussion created by Hugo van der Kooij on Oct 6, 2016
Latest reply on Oct 18, 2016 by Rob Moss

I noticed that 3DES now is in fact considered weak with the latest info avaiable.

 

But websites that promote 3DES as the prefered encryption methode over AES128 and AES256 should not be able to get a A- rating.

 

I see 2 concerns here:

 1. If the preference order is listing weaker ciphers first it is a sign of poor judgement in terms of security.

 2. If the website still promotes 3DES as cipher it should also lower the rating.

 

I noticed this particular behaviour on www.ryanair.com, www.ohra.nl, www.interpolis.nl

And I fear there will be other websites that use weak mechaniscmes and still get a A- rating.

Outcomes