
Tales of the Crypto






               U.S. government works to replace Data
               Encryption Standard

               By Jim Kerstetter, PC Week Online 
               01.12.98 10:00 am ET 

               The days of DES, which for the
               past 20 years has been the
               foundation for government and
               commercial cryptography around
               the world, are numbered.

               The U.S. government has
               embarked on an expansive
               project to replace the Data
               Encryption Standard. By the end
               of this year, a panel of
               cryptographers, headed by the
               National Institute of Standards
               and Technology, is expected to
               pick a new cryptographic
               algorithm to replace DES as the
               government's standard.

               The changeover to the new
               algorithm, to be called the
               Advanced Encryption Standard,
               won't happen overnight. In fact,
               the selection process could end
               up taking years. But whatever
               AES ultimately becomes, one
               thing is clear: The new standard
               will force major change for both
               the IT and developer
               communities.

               Anyone selling the government software that uses
               encryption for security will have to support the AES
               algorithm, which could become the standard for
               decades to come. Corporations conducting secure
               transactions with the government over the Internet will
               also have to rely on software that supports AES. And,
               in several years, AES could replace DES for private-key
               encryption in most commercial security algorithms.

               "Right now, I'm using PGP [Pretty Good Privacy] for
               some things. But the bulk of what we use here is with
               DES," said Paul O'Donnell, security manager at an
               Illinois manufacturer. "Should I be paying attention to
               what they [NIST] are doing? I suppose so."

               It's a change many say is overdue. DES was developed
               by IBM and the government in the 1970s. It was
               intended to last five to 10 years, said Dennis Branstad,
               an early DES developer for NIST's forerunner, the
               Institute of Computer Sciences and Technology.

               "It was a good algorithm. It turned out to be better
               than we thought," said Branstad, now director of
               cryptographic technologies at Trusted Information
               Systems Inc., in Glenwood, Md. "But it took longer to
               be accepted than we thought it would. There was no
               demand for it."

               DES is a symmetric, or private, key algorithm in which
               both the sender and receiver of a message must have a
               copy of the private key. It also can be used to encrypt
               data on a hard disk. It is found in an array of security
               protocols in the corporate world, ranging from secure
               E-mail software to virtual private network technology.

               DES' 56-bit private keys were unhackable until last
               year, when a nationwide network of computer users
               broke a DES key in 140 days--hardly an easy effort,
               but a harbinger of things to come as processing speed
               increases. Some experts now argue that it could take
               less than a week to break DES, with less than
               $100,000 worth of hardware. According to John Callas,
               chief technology officer of the Total Network Security
               Division of Network Associates Inc., a good hacker,
               with about $50,000 worth of specialty hardware, could
               crack a DES key in an hour.

               "Anybody who can afford a BMW can afford a DES
               cracker," said Callas, whose hypothesis will be tested
               in DES Challenge II this week at the RSA Data
               Security Conference, in San Francisco.

               Since most experts agree it's time to replace DES, the
               question becomes, Just what will AES be?

               Last summer, NIST released a 30-page document
               outlining its recommendations for a DES replacement
               and asking for submissions. There are three minimum
               technical criteria:

                    The algorithm must be symmetric, or private, key.
                    Public-key algorithms, such as elliptic curve (see
                    related story) and Diffie-Hellman, though useful
                    for authentication and the initial handshake
                    between users, are considered too slow.

                    The algorithm must be a "block cipher." Within
                    the realm of symmetric keys there are two basic
                    types of ciphers, block and stream. A block
                    cipher, like DES, encrypts specific chunks of
                    data. A stream cipher, like RSA Data Security
                    Inc.'s RC4 algorithm, encrypts a steady flow of
                    information. RC4 is the base encryption engine
                    for Secure Sockets Layer, the security technology
                    used in browsers. Some cryptographers are
                    pushing NIST to consider stream ciphers because
                    of their growing popularity.

                    The algorithm has to be capable of supporting key
                    lengths ranging from 128 bits to 256 bits and
                    variable blocks of data.

               AES must also be efficient. Triple DES, a later version
               of the government's algorithm also developed by IBM,
               is far more secure than DES, running the 56-bit
               encryption three times. But that strength is also its
               weakness, because the repetition cycle slows it down
               considerably.

               Finally, the AES algorithm has to be made public and
               royalty-free. That could prove to be a sticking point for
               RSA, of Redwood City, Calif., which has traditionally
               held on to the royalties of its cryptographic creations.

               A conference at which cryptographers will present
               their algorithms is scheduled for this summer. And
               although NIST officials hope their analysis will be
               completed in 1998, many think it may take years to
               review the submittals, which are due by April 15.

               Major security vendors are noncommittal on proposing
               an algorithm. IBM, which created DES, with help from
               the National Security Agency, is hedging on whether it
               will participate. Triple DES is considered a likely entry,
               but its inefficiency could make it a difficult sell.
               Another IBM algorithm, DES/SK, could be in the
               running. RSA, if it decides to enter, could submit
               either its RC4 algorithm (the stream cipher) or RC5,
               which is a block cipher.

               Other likely competitors include Cast, a royalty-free
               algorithm controlled by Entrust Technologies Inc., or
               the unpatented Blowfish algorithm, created by Bruce
               Schneier.

               "It will be a standard for 20 to 30 years, in legacy
               systems for at least another 10, securing data that
               might need to be secured for at least another 20,"
               Schneier wrote in a letter to NIST. "This means we are
               trying to estimate security in the year 2060. I can't
               estimate security 10 years from now, let alone 60. The
               only wise option is to be very conservative."

                       A Data Encryption Standard primer

                     What is DES?
                     It was designed by IBM and endorsed by the U.S.
                     government in 1977.

                     What kind of encryption key does DES use?
                     A symmetric, or private, key in which both the sender
                     and the receiver know the key. It can also be used to
                     encrypt data on a hard disk.

                     What key length does DES use?
                     56 bits.

                     Is DES safe?
                     For most purposes, yes. But DES was hacked for the
                     first time last year, and cryptographers worry that
                     improved processing speeds will spell its demise.