Slashdot Mirror

← Back to Stories (view on slashdot.org)

AES Announced as Federal Standard

Posted by michael on from the government-gets-better-locks dept.

chekhov writes: "Today NIST has finally announced AES (Advanced Encryption Standard) as a Federal Standard after 4 years of development. See the press release. AES is the replacement of DES and is expected to be used in financial systems and secure networks for up to 20 years. More information on the AES homepage."

8 of 267 comments (clear)

  1. Goverment Sponsored Attacks by ukryule · · Score: 5, Interesting
    From the press release:
    After the field was narrowed down to five in April 1999, NIST asked for intensified attacks and scrutiny on the finalists.

    Interesting that the US government was busy asking people to try to crack an encryption standard, while at the same time upholding a law to make breaking encryption illegal.

    So, now that this encryption method is officially accepted, will it be illegal to try to crack it?
  2. Re:European Technology by onion2k · · Score: 5, Informative

    Poland got there first, but when the Germans invaded completely ran out of resources and handed all their research over to England. A lot of work further down the line, and we (I'm English) were breaking the 3 wheel standard Enigma within hours of getting the first encrypted transmissions, thanks to Turing's 'bombes' (electro mechanical decrypting devices).

    However, when it came to the German naval Enigma, the 4 wheel version, we ground to a halt. We didn't have the resources to build enough hardware to break the crypts within any time that the info would have helped. So we called in the US to help build more gear.. It was a big team effort.

    Note however, that the 3rd Reich trusted Enigma utterly. They fell into the trap of thinking they were completely secure, and that was the downfall of Enigma, as it would be of any trusted encryption. Encryption by definition is breakable in a certain length of time. The problem with Enigma was that there were backdoors, such as the fact it never encrypted any letter as itself. The security of AES is currently being hailed as the fact it has a key field 10 to the 21 times larger than 56bit DES. Great. Only an idiot would try to brute force it though, so the number of keys is somewhat arbitrary.

    --
    http://twitter.com/onion2k
  3. Re:Standard ? by Stackster · · Score: 5, Informative

    > There a big ambiguity that I couldn't really sort out while reading these web pages : Is this an Open standard or a Commercial standard ?

    It's a US government standard, meaning that all government-related (whatever that means) should use it (or something like that). It's just another algorithm instead of DES/3DES to be used as The Official US Government Encryption Standard.
    Some pieces-o'-software, both free and commercial, use Rijndael, but it's not a standard (ISO or ANSI or whatever).

    > Will I have to pay royalties if I intend to write AES-compliant programs then sell related services ?

    Probably not. There are plenty of free implementations of the Rijndael algorithm, and from what I can figure out, there doesn't seem do be any restrictions to it. From the authour's page:
    Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not.

    Even if the US government puts some kind of export restriction on software using it, it's still very available (in several free (of some kind) implementations) outside US.
    NIST too, provide their own reference implementation.

    > I actually read in the facts page that the "public" helped building the algorithm and specs but in which way is that AES thing public ?

    The algorithm was invented by "the public" (two guys in Belgium), not by NIST or the US government. NIST just selected the one algorithm they considered the most appropriate from the whole lot of available encryption algorithms out there.

    --

    There are 010 kinds of people. Those who understand octal, those who don't, and 06 other kinds of morons.
  4. Re:European Technology by dimitri_k · · Score: 5, Interesting


    The security of AES is currently being hailed as the fact it has a key field 10 to the 21 times larger than 56bit DES. Great. Only an idiot would try to brute force it though, so the number of keys is somewhat arbitrary.

    Key length is, of course, vitally important. Understand the Rijndael spec. before you continue your speculation. Also, many "idiots" try to brute force it. Effort required to force a key is proportional to the cipher's weakness.

    Less generally, by employing lack of symmetry and a non-linear layer in the cipher, AES pretty much gurantees that you'll simply be searching the key-space at random. If you can come up with a way to do better than a brute force, you should quit your current job.

    The 2^255 Rijandel iterations required to force a 32 byte key is certainly sufficiently secure by todays standards, but historically consistent increases in computing power coupled with increased distributed processing ability due to networked computer proliferation means that keys will have to keep growing to stay resonably secure.

    --
    sig is
  5. Re:Completely unbreakable...? by vscjoe · · Score: 5, Insightful
    Um. If you double compute speed every 18 months, compute power is growing exponentially as well, and you lose one bit of key security every 18 months. It takes years, not eons, to catch up.

    In addition, AES may have problems we don't even know yet. DES turned out not to require brute forcing.

  6. Re:used in PGP? by ssimpson · · Score: 5, Informative

    RFC2440, which defines the OpenPGP standard, already reserves 3 AES keys sizes (128, 192, 256-bit).

    Gnupg already supports AES in all 3 block sizes and so does 'official' PGP v7.0x.

    PGP since v7.x hasn't been open source, so you won't find any details at www.pgpi.org. The best way to add AES support to previous 'open source' versions is to use the CKT builds by Imad. These are still based upon the v6.58 code base but contains dozens of fixes and improvements.

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  7. Re:Completely unbreakable...? by Skuto · · Score: 5, Informative

    >The S-tables were thought to have been chosen to
    >make the algorithm easy to break for someone who
    >knew the secret.

    Yes, this is what was _thought_.

    When differential cryptanalysis was discovered in 1991, many DES 'replacements' were completely broken, but DES itself was only weakened, not broken.

    It turned out to be those NSA-picked S-boxes that made it much more secure than the alternatives. So, they actualy made the algorithm stronger, not weaker.

    (and they had appearently knew about differential cryptanalysis some 20 years before the academic world did. scary, isn't it?)

    --
    GCP

  8. In other news, AG Ashcroft jailed all 857 employes by sphealey · · Score: 5, Funny

    In other news, Attorney General John Ashcroft "detained" all 857 employees of the NIST as "suspected terrorists". They are being held incommunicado at an undisclosed location, awaiting execution by a miliary tribunal. "We can't just have people releasing encryption algorithms whenever they feel like it, even if they are employees of the US Government," said Ashcroft. When it was pointed out to him that bin Laden avoids technical means of communication in favor of face-to-ear whispers among trusted family members, Ashcroft replied: "That's OK. Better to execute 857 innocent geeks than allow one terrorist to slip through."

    sPh