World Vies for New Encryption Scheme
- By Scott Bekker
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST, Gaithersburg, MD, www.nist.gov
) announced it's reviewing 15 encoding algorithms as candidates to replace the 56-bit Data Encryption Scheme (DES) that was recently cracked. NIST is inviting the worldwide cryptographic community to attack the formulas in an attempt to break the codes during the first evaluation period, which will end April 15, 1999. NIST will also be looking at factors such as security and speed.
The winning algorithm, which isn’t expected to be chosen until 2001, will be called the Advanced Encryption Standard (AES). The NIST is hoping the new algorithm will last the government for the next 30 years. NIST adopted DES, developed by IBM Corp., in 1977 as a Federal Information Processing Standard for use by federal agencies to encrypt sensitive data. Since then, many private computer companies have accepted the algorithm as their own standard. AES, just like its predecessor, will be available to the private sector at no cost of royalty.
This and other security issues are being addressed at the first AES Candidate Conference which has been taking place this week in Ventura, Calif. Another conference will be held March 22 and 23 in Rome.
DES’ key size, 56-bits, is rather small compared to modern abilities, but the U.S. government restricts the export of encryption stronger than 56-bits. This is the subject of a large controversy between private companies and the U.S. government.
Companies are arguing that the policy hurts them because there is stronger encryption abroad and U.S. companies are losing money as a result. The government contends that strong encryption is dangerous to the country’s national security. The government wants encryption schemes to include a device that would allow government agencies to decode the data. The private sector is fighting this.--Brian Ploskina, Assistant Editor
Scott Bekker is editor in chief of Redmond Channel Partner magazine.