NIST Proposes Abandoning DES
Mr. Manometer writes "With little fan-fare, NIST proposed yesterday to withdraw the Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) with a Federal Register notice (pdf). NIST is encouraging federal agencies to use the Advanced Encryption Standard (AES) instead since they feel that DES is 'now vulnerable to key exhaustion using massive parallel computations.' We all knew this day would come as computers got faster & cheaper... and this should put more pressure on folks to use stronger encryption techniques with is a good thing." Some would argue that DES has been insufficient for some time now.
This is actually a valid point about intelligence. Although it's obvious that there are places where uncrackable encryption should be used if at all possible, there are many others where disinformation can be used to great effect. An example is where a message crackable in finite time is allowed to be intercepted because by the time it is decrypted it is too late to take action, the object being to build up the credibility of an information source prior to shovelling out a great load of disinformation. I believe this technique was used ahead of the D-Day landings as part of the plan to persuade the Germans that the invasion would actually be in the Pas de Calais.
For this reason I would have thought it was unwise for official bodies to make statements about the use of different forms of encryption - unless it's a double bluff and DES will continue to be used for short-life messages.
Tinfoil hat? Stress-relieved oxygen-free copper plated mumetal in my case.
Panurge has posted for the last time. Thanks for the positive moderations.