I've written a DES implementation as an exercice and am now wondering if and where (triple-)DES is used today.

I've read about banking cards using it, but I can't find any reliable source for it.

Triple-DES is still in use today but is widely considered a legacy encryption algorithm. DES is inherently insecure, while Triple-DES has much better security characteristics but is still considered problematic.

NIST is the government organization that standardizes on cryptographic algorithms. The most current symmetric-key encryption algorithm NIST standard is AES, the Advanced Encryption Standard. In fact, there were a number of good nominations to be NIST's AES, including the Rijndael algorithm which became AES, as well as Bruce Schneier's Blowfish, the Twofish algorithm, and the Serpent algorithm.

EDIT: @David Koontz replied to this post, and I had a chance to look 5 years into the past. I'm leaving my post intact below, but for anyone reading this now, avoid 3DES if you have the opportunity, and if not, get an expert to look at your specific system. There's no guarantee that a general answer will apply to your situation, in computer security especially.

Yes.

3DES is broken, but when a cryptographer says "broken," that means something very specific: that an attacker can break the key in better-than-brute-force time. 3DES has a key length of 168 bits, which is reduced to 112 bits by some meet-in-the-middle attack cleverness. And, to quote Wikipedia, "it is designated by NIST to have only 80 bits of security."

It's pretty badly broken, but even so, 80 bits makes for a very big number; 3DES is plenty good for beating people with fewer resources than the NSA, for example, and it will be for maybe 10 or 15 years, with some luck. The incentive to replace 3DES it isn't high enough for a lot of people who aren't using it to protect expensive things.

The OpenSSL library provides reliable source code for 3DES and many other cryptographic algorithms. The libcrypto documentaton on the DES_* functions describes what is available.

You are right about banking. But everything happens in hardware level. One popular technology is HSM.

To answer your question of where 3DES is being used, I would like to add that Microsoft OneNote, Microsoft Outlook 2007 and Microsoft System Center Configuration Manager 2012 use Triple DES to password protect user content and system data.

See also:

1. 1.Daniel Escapa's OneNote Blog - Encryption for Password Protected Sections, November 2006
2. Microsoft TechNet product documentation - Technical Reference for Cryptographic Controls Used in Configuration Manager, October 2012

I'll bet some banking cards in fact use triple des. It is remarkable how running a business ( in the real world ) diverges from what one would think just from studying the problem. Just interested or is there an actual challenge at hand? ( be it study assignment or otherwise )

3DES has a Problem described already in two CVE Issues which is called the SWEET32 Issue. Its base Cipher Dephth is 64Bit (though used along three Rounds) so it belongs to a Family of originally weak Ciphers as well From today's Standpoint of Security in 2017 and its probability to be broken more often and more easily, is should no longer be used.