The US National Institute of Standards and Technology (NIST) has just announced withdrawal of approval for triple DES (also known as 3DES, TDEA and sometimes DES EDE) in common protocols such as TLS and IPSec. In other applications, they propose a restriction to just 8MB of data before changing keys. Why are they doing this and what are the consequences?
Update March 2018 You can read about how to test PCI-DSS Cryptography compliance with our Analyzer software, or check out the new PCI DSS version 3.2 requirements for cryptography.
Original post
Cryptography is sufficiently complex to make writing a single compliance document that ensures security impossible. There are nonetheless various industry compliance guidelines that try to ensure the biggest mistakes are avoided. The PCI-DSS standard, now in version v3.1, describes security requirements for processing electronic payments and includes some interesting crypto advice.
