August 1st, 2004

classic beard

Crypto: DES is dead. AES is good enough.

According to CNSS Policy No. 15, Fact Sheet No. 1, "National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information", published in June 2003, documents an analysis of AES by the NSA in the context of US Government use (as opposed to public and commercial use.) The most interesting phrase (stripped of many boring qualifiers) is probably

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths.

According to the NIST September 2002 ITL Bulletin,

When FIPS 46-3 comes up for review in 2004, single DES will no longer be approved for Federal Government applications.

A recent Infoworld article talks about the Kocher/Gilmore machine (Deep Crack) and talks about NIST's review only "proposing" the retirement of DES - and makes the point that random governments, or virus writers harnessing "zombie" machines, can crack DES at whim.

If you care about anything that still uses DES, it's clearly time to replace it.
  • Current Music
    Barcelona: Shell Account
  • Tags