If one wishes to use DES to encrypt files stored on a hard disk, it is
not feasible to frequently change the DES keys, as this would entail
decrypting and then re-encrypting all files upon each key change.
Instead, one should have a master DES key with which one encrypts the
list of DES keys used to encrypt the files; one can then change the
master key frequently without much effort.

A powerful technique for improving the security of DES is triple
encryption, that is, encrypting each message block under three
different DES keys in succession. Triple encryption is thought to be
equivalent to doubling the key size of DES, to 112 bits, and should
prevent decryption by an enemy capable of single-key exhaustive search.
Of course, triple encryption takes three times as long as
single-encryption DES.

Aside from the issues mentioned above, DES can be used for encryption
in several officially defined modes. Some are more secure than others.
ECB (electronic codebook) mode simply encrypts each 64-bit block of
plaintext one after another under the same 56-bit DES key. In CBC
(cipher block chaining) mode, each 64-bit plaintext block is XORed with
the previous ciphertext block before being encrypted with the DES key.
Thus the encryption of each block depends on previous blocks and the
same 64-bit plaintext block can encrypt to different ciphertext
depending on its context in the overall message. CBC mode helps protect
against certain attacks, although not against exhaustive search or
differential cryptanalysis. CFB (cipher feedback) mode allows one to
use DES with block lengths less than 64 bits.

In practice, CBC is the most widely used mode of DES, and is specified
in several standards. For additional security, one could use triple
encryption with CBC, but since single DES in CBC mode is usually
considered secure enough, triple encryption is not often used.
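
The difference between ECB and CBC described above, as an added example that is not part of the original text: a toy 64-bit Feistel cipher built on SHA-256 stands in for DES (it is not DES), and the key, IV and message are constructed sample values. The initialization vector chained into the first CBC block is an assumption of the example; the text does not mention it.

```python
import hashlib
BLOCK = 8  # bytes: 64-bit blocks, the DES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, rounds):
    # Toy 8-round Feistel cipher standing in for DES (NOT DES; assumption of this example).
    left, right = block[:4], block[4:]
    for rnd in rounds:
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left  # final swap makes decryption the same walk in reverse

def encrypt_block(key, block):
    return feistel(key, block, range(8))

def decrypt_block(key, block):
    return feistel(key, block, reversed(range(8)))

def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("whole 64-bit blocks only; padding is out of scope here")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # ECB: every block is encrypted independently under the same key.
    return b"".join(encrypt_block(key, p) for p in split_blocks(plaintext))

def cbc_encrypt(key, iv, plaintext):
    # CBC: XOR each plaintext block with the previous ciphertext block (IV for the first).
    prev, out = iv, []
    for p in split_blocks(plaintext):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    blocks = split_blocks(ciphertext)
    pairs = zip([iv] + blocks, blocks)  # (previous ciphertext block, current block)
    return b"".join(xor(decrypt_block(key, c), prev) for prev, c in pairs)

def repeated_blocks(ciphertext):
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))  # blocks that duplicate an earlier one

KEY = bytes.fromhex("0123456789abcd")   # constructed 56-bit key
IV = bytes.fromhex("1122334455667788")  # constructed 64-bit IV
MSG = b"PAY 100$" * 3 + b"PAY 999$"     # constructed: 3 identical blocks + 1 other
```

Calling `repeated_blocks(ecb_encrypt(KEY, MSG))` counts the duplicate ciphertext blocks that reveal the repeated plaintext; the same call on `cbc_encrypt(KEY, IV, MSG)` finds none.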