The National Institute of Standards and Technology
(NIST) is proposing that the Data Encryption Standard (DES), a
popular encryption algorithm, lose its certification for use in
software products sold to the government.
The advent of massively parallel computing has rendered DES
inadequate to protect federal government information, NIST
said.
The institute, part of the US Department of Commerce, is
proposing that the government withdraw Federal Information
Processing Standard (FIPS) certification for DES, a move that could
have ripple effects throughout the technology sector and force a
wide range of legacy systems into early retirement, according to
one cryptography expert.
DES was the first government-approved standard for encrypting
sensitive information and grew out of research by IBM and the
secretive US National Security Agency (NSA), according to Paul
Kocher, president of Cryptography Research.
The algorithm, sometimes referred to as "single DES" uses a
56-bit key to encrypt blocks of data, and can produce up to
72,000,000,000,000,000 unique keys.
While that number of unique combinations was formidable in the
1970s and 1980s, given the power of computers at that time, experts
were aware that the growth of computing power would, in time,
render the algorithm breakable, and that DES had at most a 15-year
life span, according to NIST.
By the 1990s, computers had become powerful enough that breaking
the DES algorithm was achievable, even for groups with limited
resources. In an 1998 experiment funded by the non-profit civil
liberties group the Electronic Frontier Foundation, Kocher and his
colleagues designed a machine for about $250,000 that could break
one DES key a week, he said.
With computers doubling in speed every 18 months, a similar
system designed with 2004 technology could presumably break a key
in 1/64th of that time using so-called "brute force" methods, which
essentially try every possible key combination until the correct
combination is guessed, Kocher said.
The development of parallel computing, which harnesses the power
of many small computers to work on a single task, also spelled the
end for FIPS, Kocher said.
"I actually expected this to happen a year ago. ... It's gotten
to the point where any government curious enough to break DES
traffic could," he said.
Even malicious hackers in control of an army of virus-infected
"zombie" computers could make short work of the single DES
algorithm, he said.
NIST is proposing that federal agencies only use DES as a
component of the Triple Data Encryption Algorithm (TDEA), also
known as "Triple DES". However, NIST encouraged agencies to
implement the stronger and faster Advanced Encryption Standard
(AES) algorithm instead.
Either Triple DES or AES are "many trillions of times" stronger
than DES and could take decades - or centuries to break, even with
the current rate of advancement in computer processing speed,
Kocher said.
Still, the switch to Triple DES or AES may be difficult for
older software products, many of which were designed to work
exclusively with single DES and may not integrate well with
products using the newer algorithms, he said.
The NIST website lists more than 450 software and hardware
products dating back to 1995. While many of the newer products
approved for use in the government support DES, as well as AES and
Triple DES, older products frequently do not.
While the loss of FIPS certification has not yet been approved,
software vendors with legacy products will likely be scrambling to
update their products to work with the stronger encryption.
That could be good news for the security community, which was
worried about loosely protected data, and for the companies, which
may be able to charge the government for software upgrades to their
products, Kocher said.
Paul Roberts writes for IDG News Service