• InfoWorldNIST says DES encryption 'inadequate'.

    Massively parallel computing has rendered DES breakable, standards institute claims

    National Institute of Standards and Technology (NIST) is proposing that
    the Data Encryption Standard (DES), a popular encryption algorithm,
    lose its certification for use in software products sold to the

    The advent of massively parallel computing has
    rendered DES inadequate to protect federal government information, NIST
    said. The institute, part of the U.S. Department of Commerce, is
    proposing that the government withdraw Federal Information Processing
    Standard (FIPS) certification for DES, a move that could have ripple
    effects throughout the technology sector and force a wide range of
    legacy systems into early retirement, according to one cryptography

    DES was the first government-approved standard for encrypting sensitive information and grew out of research by IBM Corp. and the secretive U.S. National Security Agency (NSA),
    according to Paul Kocher, president of Cryptography Research Inc. The
    algorithm, sometimes referred to as “single DES” uses a 56-bit key to
    encrypt blocks of data, and can produce up to 72,000,000,000,000,000
    unique keys.

    While that number of unique combinations was
    formidable in the 1970s and '80s, given the power of computers at that
    time, experts were aware that the growth of computing power would, in
    time, render the algorithm breakable, and that DES had at most a
    15-year life span, according to NIST.

    By the 1990s, computers
    had become powerful enough that breaking the DES algorithm was
    achievable, even for groups with limited resources. In an 1998
    experiment funded by the nonprofit civil liberties group the Electronic Frontier Foundation, Kocher and his colleagues designed a machine for about $250,000 that could break one DES key a week, he said.

    computers doubling in speed every 18 months, a similar system designed
    with 2004 technology could presumably break a key in 1/64th of that
    time using so-called “brute force” methods, which essentially try every
    possible key combination until the correct combination is guessed,
    Kocher said.

    The development of parallel computing, which
    harnesses the power of many small computers to work on a single task,
    also spelled the end for FIPS, Kocher said.

    “I actually
    expected this to happen a year ago. … It's gotten to the point where
    any government curious enough to break DES traffic could,” he said.

    malicious hackers in control of an army of virus-infected “zombie”
    computers could make short work of the single DES algorithm, he said.  [Privacy Digest]

  • Leave a comment