AES Announced as Federal Standard
chekhov writes: "Today NIST has finally announced AES (Advanced Encryption Standard) as a Federal Standard after 4 years of development. See the press release. AES is the replacement of DES and is expected to be used in financial systems and secure networks for up to 20 years. More information on the AES homepage."
Hmmm... Who broke the German Enigma during WWII, US or England/Poland? :-)
In addition, AES may have problems we don't even know yet. DES turned out not to require brute forcing.
If I read this correctly, terrorist cells qualify as "other organizations". I couldn't find any mention of export limitations, civilian key strength limitations, or bans on use by criminal organizations.
This really is no big deal. There are many high-quality hard crypto techniques around. If al-Qaeda really want strong crypto they can just FTP it from ssh.com like anyone else. Or PGP. Or OpenBSD.
But historically, they have relied on codes (as opposed to cyphers), trusted intermediaries and one-time pads.
Here's a free clue for you: terrorists and other criminals, by definition, don't obey laws. So what if there's a "civilian key strength limitation" when you can download the source, change a #define and type make. So what if there's a ban, that's trivial to people who destroy skyscrapers just to make a point. So what if the algorithm is a secret, the US govt. doesn't have a monopoly on talented mathematicians.
This genie is already out of the bottle. Trying to put it back will only help the terrorists by disrupting and harming the commercial interests of the West further.
<rant>
The Feds never really had a chance of keeping crypto out of the hands of anyone, but they were too stupid to realize it, too busy banning metal cutlery in airports and nonsense like that. I am English, have you ever tried to eat a proper English breakfast with plastic cutlery?!
</rant>
DES did not turn out not to require brute forcing. DES turned out to require a search of slightly less than the whole keyspace, but that's still brute force by any reasonable definition of the word.
BouncyCastle.
It amazes me how often open source authors pick self-destructive names. A serious effort should not be limited by a humorous or trick name.
A name like BouncyCastle will limit the number of people who adopt the software. People are afraid there is a hidden joke they don't understand.
There are times when it is appropriate to be 100 percent serious.
I am NOT saying anything negative about the software. The ONLY negative thing I am saying about the authors is that they are obviously not professional communicators.
Open Source Software needs marketing communication like any product that wants to reach a large number of people.
Bush's education improvements were