Why is Double DES considered insecure?

• A. Because it is vulnerable to meet-in-the-middle attacks.
• B. It is too slow.
• C. It requires too much memory.
• D. It uses only one DES operation.

Answer: (A)

Double DES is vulnerable because doubling the encryption with two DES keys does not simply double security; it opens the door to a meet-in-the-middle attack. In this scenario, an attacker takes the known plaintext and encrypts it with every possible first key, storing the intermediate results. Separately, they decrypt the ciphertext with every possible second key and look for a match with those stored intermediates. When a match is found, the pair of keys is revealed. This attack dramatically lowers the effective security from about 112 bits to roughly 57 bits, making it feasible to break with practical resources. The weakness comes from the attack method itself, not from speed or memory alone, and it’s why this approach isn’t considered secure compared with alternatives like three-key DES or AES.