From: Anonymous <anon@anon.efga.org>
To: cypherpunks@toad.com
Message Hash: c1d683083699ac4e446bb22899d08ad0334da72866366226e72238776f896bf1
Message ID: <f55caa4c652027afccfaa90c2e376c6f@anon.efga.org>
Reply To: N/A
UTC Datetime: 1998-01-13 03:38:59 UTC
Raw Date: Tue, 13 Jan 1998 11:38:59 +0800
From: Anonymous <anon@anon.efga.org>
Date: Tue, 13 Jan 1998 11:38:59 +0800
To: cypherpunks@toad.com
Subject: Tales of the Crypto
Message-ID: <f55caa4c652027afccfaa90c2e376c6f@anon.efga.org>
MIME-Version: 1.0
Content-Type: text/plain
Tales of the Crypto
U.S. government works to replace Data
Encryption Standard
By Jim Kerstetter, PC Week Online
01.12.98 10:00 am ET
The days of DES, which for the
past 20 years has been the
foundation for government and
commercial cryptography around
the world, are numbered.
The U.S. government has
embarked on an expansive
project to replace the Data
Encryption Standard. By the end
of this year, a panel of
cryptographers, headed by the
National Institute of Standards
and Technology, is expected to
pick a new cryptographic
algorithm to replace DES as the
government's standard.
The changeover to the new
algorithm, to be called the
Advanced Encryption Standard,
won't happen overnight. In fact,
the selection process could end
up taking years. But whatever
AES ultimately becomes, one
thing is clear: The new standard
will force major change for both
the IT and developer
communities.
Anyone selling the government software that uses
encryption for security will have to support the AES
algorithm, which could become the standard for
decades to come. Corporations conducting secure
transactions with the government over the Internet will
also have to rely on software that supports AES. And,
in several years, AES could replace DES for private-key
encryption in most commercial security algorithms.
"Right now, I'm using PGP [Pretty Good Privacy] for
some things. But the bulk of what we use here is with
DES," said Paul O'Donnell, security manager at an
Illinois manufacturer. "Should I be paying attention to
what they [NIST] are doing? I suppose so."
It's a change many say is overdue. DES was developed
by IBM and the government in the 1970s. It was
intended to last five to 10 years, said Dennis Branstad,
an early DES developer for NIST's forerunner, the
Institute of Computer Sciences and Technology.
"It was a good algorithm. It turned out to be better
than we thought," said Branstad, now director of
cryptographic technologies at Trusted Information
Systems Inc., in Glenwood, Md. "But it took longer to
be accepted than we thought it would. There was no
demand for it."
DES is a symmetric, or private, key algorithm in which
both the sender and receiver of a message must have a
copy of the private key. It also can be used to encrypt
data on a hard disk. It is found in an array of security
protocols in the corporate world, ranging from secure
E-mail software to virtual private network technology.
DES' 56-bit private keys were unhackable until last
year, when a nationwide network of computer users
broke a DES key in 140 days--hardly an easy effort,
but a harbinger of things to come as processing speed
increases. Some experts now argue that it could take
less than a week to break DES, with less than
$100,000 worth of hardware. According to John Callas,
chief technology officer of the Total Network Security
Division of Network Associates Inc., a good hacker,
with about $50,000 worth of specialty hardware, could
crack a DES key in an hour.
"Anybody who can afford a BMW can afford a DES
cracker," said Callas, whose hypothesis will be tested
in DES Challenge II this week at the RSA Data
Security Conference, in San Francisco.
Since most experts agree it's time to replace DES, the
question becomes, Just what will AES be?
Last summer, NIST released a 30-page document
outlining its recommendations for a DES replacement
and asking for submissions. There are three minimum
technical criteria:
The algorithm must be symmetric, or private, key.
Public algorithms, such as elliptic curve (see
related story) and Diffie-Hellman, though useful
for authentication and the initial handshake
between users, are considered too slow.
The algorithm must be a "block cipher." Within
the realm of symmetric keys there are two basic
types of ciphers, block and stream. A block
cipher, like DES, encrypts specific chunks of
data. A stream cipher, like RSA Data Security
Inc.'s RC4 algorithm, encrypts a steady flow of
information. RC4 is the base encryption engine
for Secure Sockets Layer, the security technology
used in browsers. Some cryptographers are
pushing NIST to consider stream ciphers because
of their growing popularity.
The algorithm has to be capable of supporting key
lengths ranging from 128 bits to 256 bits and
variable blocks of data.
AES must also be efficient. Triple DES, a later version
of the government's algorithm also developed by IBM,
is far more secure than DES, running the 56-bit
encryption three times. But that strength is also its
weakness, because the repetition cycle slows it down
considerably.
Finally, the AES algorithm has to be made public and
royalty-free. That could prove to be a sticking point for
RSA, of Redwood City, Calif., which has traditionally
held on to the royalties of its cryptographic creations.
A conference at which cryptographers will present
their algorithms is scheduled for this summer. And
although NIST officials hope their analysis will be
completed in 1998, many think it may take years to
review the submittals, which are due by April 15.
Major security vendors are noncommittal on proposing
an algorithm. IBM, which created DES, with help from
the National Security Agency, is hedging on whether it
will participate. Triple DES is considered a likely entry,
but its inefficiency could make it a difficult sell.
Another IBM algorithm, DES/SK, could be in the
running. RSA, if it decides to enter, could submit
either its RC4 algorithm (the stream cipher) or RC5,
which is a block cipher.
Other likely competitors include Cast, a royalty-free
algorithm controlled by Entrust Technologies Inc., or
the unpatented Blowfish algorithm, created by Bruce
Schneier.
"It will be a standard for 20 to 30 years, in legacy
systems for at least another 10, securing data that
might need to be secured for at least another 20,"
Schneier wrote in a letter to NIST. "This means we are
trying to estimate security in the year 2060. I can't
estimate security 10 years from now, let alone 60. The
only wise option is to be very conservative."
A Data Encryption Standard primer
What is DES?
It was designed by IBM and endorsed by the U.S.
government in 1977.
What kind of encryption key does DES use?
A symmetric, or private, key in which both the sender
and the receiver know the key. It can also be used to
encrypt data on a hard disk.
What key length does DES use?
56 bits.
Is DES safe?
For most purposes, yes. But DES was hacked for the
first time last year, and cryptographers worry that
improved processing speeds will spell its demise.
Return to January 1998
Return to “Anonymous <anon@anon.efga.org>”
1998-01-13 (Tue, 13 Jan 1998 11:38:59 +0800) - Tales of the Crypto - Anonymous <anon@anon.efga.org>