Slashdot Mirror

← Back to Stories (view on slashdot.org)

NIST Proposes Abandoning DES

Posted by ryuzaki0 on from the thanks-for-all-your-hard-work dept.

Mr. Manometer writes "With little fan-fare, NIST proposed yesterday to withdraw the Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) with a Federal Register notice (pdf). NIST is encouraging federal agencies to use the Advanced Encryption Standard (AES) instead since they feel that DES is 'now vulnerable to key exhaustion using massive parallel computations.' We all knew this day would come as computers got faster & cheaper... and this should put more pressure on folks to use stronger encryption techniques with is a good thing." Some would argue that DES has been insufficient for some time now.

15 of 205 comments (clear)

  1. It was bound to happen eventually. by Jim+Starx · · Score: 4, Insightful

    All realistic encryption scemes have a lifespan.

    --
    The darkness... controls the music. The music... controls the soul.
  2. Computation power?? by www.sorehands.com · · Score: 4, Insightful
    It is always expected that any encryption will be crackable given sufficient computing power, and with Moore's law, that will always eventually happen. But of course by that time, a new more secure, algorithm that requires more computing power to encrypt will be available.

    It is interesting to note that they recommend using a faster algorithm.

    Of course us, of the tin-foil-hat, brigade know that the government has a very secure algorithm (gotten from area 51), but they never tell us about, just so we use an algorithm that we think is secure, but they have their own back-door.

    --
    Fight Spammers!
  3. What about triple DES by Slick_Snake · · Score: 3, Insightful

    Its be accepted by many in the industry that DES was too weak. However you can use DES repeatedly with different keys to make up for it and thus you get triple DES. It effectly gives you a key space of 56 * 3 = 168 bit keys which is much better. And you could always run the data through a few more times if you are realy paranoid.

    1. Re:What about triple DES by cw0 · · Score: 2, Insightful

      The algorithm itself was never weak. It was actually the key length that made it weak. That's why only brute force can be used to break it.

      --
      Russe in Beton und Stahl, müde alles Material.
    2. Re:What about triple DES by Thagg · · Score: 2, Insightful

      There are significant advantages of triple DES.

      1) DES has been around a long time. People have attacked it for years, with every new and old technique of cryptanalysis. DES was created by IBM with help (no, really!) from NSA -- it was NSA that proposed adjustements in the S-Boxes that made DES more resistant to differential cryptanalysis. DES has proven to be secure, except for the obvious key-length problem, in the very best way you can prove an algorithm secure -- by having the best minds on the planet beat on it mercilessly for decades.

      2) DES hardware exists, and is inexpensive and relatively secure. Using current hardware to impliment triple DES is easy.

      3) It's upward compatible with existing systems. Using the same key three times yeilds is the same as doing regular 56-bit DES (The second DES is usually set up in decrypt mode.) One could well argue that the interoperability with single DES is not really a win, though -- that it allows users to be insecure.

      While AES is great, and has been vetted as well as can be expected in the few years since its invention, triple DES is not a bad alternative.

      thad

      --
      I love Mondays. On a Monday, anything is possible.
    3. Re:What about triple DES by michael_cain · · Score: 2, Insightful
      DES hardware exists, and is inexpensive and relatively secure. Using current hardware to impliment triple DES is easy.

      Indeed. It is one thing for NIST to recommend that everyone using software implementations of DES should change to something else (although it appears that they are actually only recommending it to government users). It is a very different thing to deal with the millions of consumer devices out there with hardware DES which would have to be replaced.

  4. I nominate this for understatement of the day by Marxist+Hacker+42 · · Score: 4, Insightful

    Some would argue that DES has been insufficient for some time now.

    Yeah, like since the day I first heard about it, back in 1995.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  5. Isufficient for what? by m.h.2 · · Score: 4, Insightful

    "Some would argue that DES has been insufficient for some time now."

    Insufficient for what? I hate to play semantics, and I'm no cryptographer, but as I understand it, the inadequacies of an encryption algorithm are primarily defined by the implementation and the reason for it [application]. OK, it's a weak cipher, but in certain instances, it may still be useful. Right?

    1. Re:Isufficient for what? by nkntr · · Score: 3, Insightful

      I think that this falls under the category of "anything worth encrypting is worth encrypting well" category. If you are doing it for pure educational sake, use whatever you want. But if you are charged with a purpose of keeping some information private, then it is your responsibility to use an encryption method that is sufficient to keep it private.

    2. Re:Isufficient for what? by cynic10508 · · Score: 3, Insightful

      Insufficient for what?

      What it boils down to is that DES has a fixed key length of 56 bits. Sure, you can 3DES it but you've also tripled the number of computations you have to do for every block of data. So while DES's key size has remained fixed, computing power is expanding at Moore's law. So, inevitably, computing power will overwhelm DES's practicality. It's just a matter of time (read: now). While AES, on the other hand, allows you to expand the key size from 128-bits by 64-bit blocks. So we could be running encrypted communications channels with 512-bit (or higher) AES if we liked.

  6. Re:arrggghh... by ticklemeozmo · · Score: 4, Insightful

    I was going to write a long, well thought out reply to this story but the IT colour scheme is causing acid flashbacks

    I seriously thought the sarcasm about the crappy color scheme was going to get old after a while, but actually it still seems appropriate. For Vishnu's sake, change the friggen colors!

    --
    When modding "Informative", please make sure it both has a source and IS actually informative.
  7. Cracking yesterday's secrets? by danharan · · Score: 3, Insightful

    Secrets normally take years, often decades to be out in the public domain. What was daunting before EFF's 1998 achievement is looking more and more trivia for a government that wouldn't blink at the cost of buying a 1,000 node super-computer.

    To future-proof secrets, you'd have to encrypt at a level that not only would be ridiculously expensive to crack today, but as long as you need to keep them, well, secret. Imagine some of the files from the time of the UNSC's Iraq debates a year-and-a-half ago getting cracked today or before the next US presidential election.

    --
    Information: "I want to be anthropomorphized"
  8. DES by Anonymous Coward · · Score: 1, Insightful

    So they aren't going to admit that the only reason for recommending it in the first place was that they had the ability to break it all along? And now that lots of others can, it gives them no advantage...

  9. AES is *much* stronger than 3DES by Paul+Crowley · · Score: 2, Insightful

    AES certainly was designed to be secure. You exaggerate the extent of what people have against it so far by an absolutely gargantuan margin.

    In addition, you are clearly unaware of Stefan Lucks's attacks on 3DES, which take it down to about 72 bits of security - far from the 112 it promises. You might as well just use DESX, which is about as strong but three times faster.

    --
    Xenu loves you!
  10. pipes leak at both ends by Anonymous Coward · · Score: 1, Insightful

    Encryption is just a kind of fancy FedEx for fancy information. There's no value after delivery, because somebody signs for it, and that person is vulnerable to blandishment, threat, seduction, coercion and Vulcan mind melds. The inadequacy of DES for most purposes if matched by the inadequacy of ANY scheme where secure pipes join, meter, valve or misalign.