Slashdot Mirror


NIST Proposes Abandoning DES

Mr. Manometer writes "With little fanfare, NIST proposed yesterday to withdraw the Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) with a Federal Register notice (pdf). NIST is encouraging federal agencies to use the Advanced Encryption Standard (AES) instead since they feel that DES is 'now vulnerable to key exhaustion using massive parallel computations.' We all knew this day would come as computers got faster & cheaper... and this should put more pressure on folks to use stronger encryption techniques, which is a good thing." Some would argue that DES has been insufficient for some time now.

5 of 205 comments

  1. Re:What about triple DES by baudilus · Score: 2, Interesting

    While your argument is valid, I fail to see the usefulness of spending more time to strengthen a weak algorithm rather than using one that is inherently more secure. It's like putting more and more duct tape over the hole rather than just changing the pipe.

  2. Disallowed for .se use for a while by Anonymous Coward · Score: 3, Interesting

    When I did my military service in Sweden 96/97 I came across the official introduction book to cryptology (the Swedish military has, as I assume every national military has, a book division making various manuals). It was pretty standard, starting out with substitution and permutation and quickly moving past most techniques up to finite field equations. I don't know when the book was written (it didn't say), but probably in the mid to late 80's since the most recent book reference was from 85. The thing that really caught my eye was, however, a paragraph that essentially said "DES is not certified for secure transmissions in the Swedish military for reasons we will not discuss here". Given that they broke every crypto system transmitted over Sweden during WWII, I would take their advice if they say not to use a cipher.

  3. But who wants a totally secure system? by panurge · Score: 4, Interesting

    I'm reminded of Terry Pratchett's Havelock Vetinari, (various Discworld books) who gets his pet scientist to devise him cyphers that are merely fiendishly difficult - because he wants his enemies to think they know what he is thinking.
    This is actually a valid point about intelligence. Although it's obvious that there are places where uncrackable encryption should be used if at all possible, there are many others where disinformation can be used to great effect. An example is where a message crackable in finite time is allowed to be intercepted because by the time it is decrypted it is too late to take action, the object being to build up the credibility of an information source prior to shovelling out a great load of disinformation. I believe this technique was used ahead of the D-Day landings as part of the plan to persuade the Germans that the invasion would actually be in the Pas de Calais.

    For this reason I would have thought it was unwise for official bodies to make statements about the use of different forms of encryption - unless it's a double bluff and DES will continue to be used for short-life messages.
    Tinfoil hat? Stress-relieved oxygen-free copper plated mumetal in my case.

    --
    Panurge has posted for the last time. Thanks for the positive moderations.

  4. Re:Perhaps instead of AES... by obergeist666 · Score: 2, Interesting

    From the India Today article:

    Two people wishing to exchange a secret message would need to set up a source of genuinely random numbers that broadcasts these numbers to both of them, and that produces so many random numbers that no eavesdropper could possibly record everything it broadcasts for whatever interval of time it takes to set up a message.

    This sounds like yet another one-time pad scheme. One-time pads are provably unbreakable, but the problem is the key distribution and storage. The article continues:

    The first step in sending a message would be for the sender to notify the receiver to start listening for random numbers at a certain time, or both parties might be continuously listening, so that the numbers to be used might be collected over days or weeks instead of minutes. Both parties would, according to a prearranged system governed by a key, listen for, and record, a minute subset of the broadcast random numbers, small enough that it could be recorded easily.

    There's your weakness: there is a prearranged system governed by a key to record the one-time pad. How will you communicate that key? An eavesdropper could record that key.

    And also, it could take days or even weeks to generate one single one-time pad. So it's not very practical. Remember, you cannot reuse a one-time pad. Reusing it makes it vulnerable to attacks.
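An added example, not from the thread or the India Today article, of the last point above: why a pad can never be reused. Two constructed messages are encrypted under one pad; XORing the ciphertexts cancels the pad and leaves m1 XOR m2, from which a guessed fragment of one message reads off the other.

```python
import os

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: byte-wise XOR of the message with an equally long random pad.
    The same call decrypts, since (m ^ p) ^ p == m."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the SAME pad: c1 ^ c2 == (m1 ^ p) ^ (m2 ^ p) == m1 ^ m2.
    The pad cancels, leaving the XOR of the two plaintexts."""
    return otp_xor(c1, c2)

def crib_drag(m1_xor_m2: bytes, crib: bytes, offset: int) -> bytes:
    """Given a guessed fragment (crib) of one message at a known offset,
    XOR it into m1 ^ m2 to read the same span of the other message."""
    return otp_xor(m1_xor_m2[offset:offset + len(crib)], crib)

# Constructed sample messages (not from the original page), same length.
M1 = b"MEET AT DAWN NEAR THE OLD BRIDGE"
M2 = b"SEND MORE FUEL TO THE WEST CAMP."

def demo():
    pad = os.urandom(len(M1))          # a fresh pad: perfectly secret for ONE message
    c1 = otp_xor(M1, pad)
    c2 = otp_xor(M2, pad)              # the mistake: the pad is used a second time
    leaked = two_time_pad_leak(c1, c2)
    # Positions where the two plaintexts share a byte XOR to 0x00: structure shows through.
    zero_positions = [i for i, b in enumerate(leaked) if b == 0]
    # Guessing that M1 ends with "BRIDGE" (offset 26) reveals M2's tail directly.
    recovered_tail = crib_drag(leaked, b"BRIDGE", 26)
    return leaked, zero_positions, recovered_tail

if __name__ == "__main__":
    leaked, zeros, tail = demo()
    print("m1 ^ m2 :", leaked.hex())
    print("identical-byte positions:", zeros)
    print("M2[26:32] recovered from crib 'BRIDGE':", tail)
```

The pad itself never appears in the leak, which is why generating and distributing a fresh pad per message, the costly part the article describes, is the whole problem.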

  5. Re:What about triple DES by man_ls · Score: 2, Interesting

    One interesting tidbit (from "Applied Cryptography") was that the NSA adjustments to the S-boxes actually predicted and secured for a vulnerability that was discovered 30 years later.

    When the S-box attacks came out in the 90s or so, people thought DES might be vulnerable to it -- but the adjustments the NSA had made decades before to the standard prevented its vulnerability.

    That's impressive. Did they know, or was it just lucky?
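An added example, not from the thread or from Applied Cryptography, of what the "S-box attacks" (differential cryptanalysis) measure: it builds the difference distribution table of DES S-box S1 (table as published in FIPS 46) and checks one of the S-box design criteria NSA/IBM later disclosed, that inputs differing in a single bit must produce outputs differing in at least two bits.

```python
# DES S-box S1 from FIPS 46. Row = outer input bits (b1, b6), column = middle four bits.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x: int) -> int:
    """Apply S1 to a 6-bit input: outer bits select the row, inner four the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def difference_distribution_table():
    """ddt[dx][dy] = number of 6-bit inputs x for which sbox(x) ^ sbox(x ^ dx) == dy.
    A large entry for some dx != 0 is what a differential attack exploits."""
    ddt = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            ddt[dx][sbox(x) ^ sbox(x ^ dx)] += 1
    return ddt

def max_nonzero_entry(ddt):
    """Most probable single-S-box differential: (count out of 64, dx, dy) over dx != 0."""
    best = (0, 0, 0)
    for dx in range(1, 64):
        for dy in range(16):
            if ddt[dx][dy] > best[0]:
                best = (ddt[dx][dy], dx, dy)
    return best

def single_bit_criterion_holds(ddt) -> bool:
    """Design rule: a one-bit input difference never yields an output difference of
    fewer than two bits. Checked for each of the six single-bit input differences."""
    for dx in (1, 2, 4, 8, 16, 32):
        for dy in range(16):
            if ddt[dx][dy] and bin(dy).count("1") < 2:
                return False
    return True

if __name__ == "__main__":
    ddt = difference_distribution_table()
    count, dx, dy = max_nonzero_entry(ddt)
    print(f"S1: best differential dx=0x{dx:02x} -> dy=0x{dy:x} holds for {count}/64 inputs")
    print("one bit in -> at least two bits out:", single_bit_criterion_holds(ddt))
```

Running this over all eight S-boxes (only S1 is embedded here) is how one checks how far the published tables keep every differential well below certainty, which is the property the comment above refers to.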