
U.S. government adopts new encryption standard


By Jaikumar Vijayan

(IDG) -- The federal government's recent decision to adopt the Advanced Encryption Standard (AES) for securing sensitive information will trigger a move from the aging Data Encryption Standard (DES) in the private sector, users and analysts said.

But don't expect it to happen overnight, they added. Technology standards bodies representing industries such as financial services and banking need to approve AES as well, and that will take time. And products such as wireless devices and virtual private networks that incorporate AES have yet to be developed. Corporations using Triple DES technologies, which offer much stronger forms of encryption than DES, will have to wait until low-cost AES implementations become available before a migration to the new standard makes sense from a price perspective.

"AES will likely not replace more than 30 percent of DES operations before 2004," said John Pescatore, an analyst at Stamford, Connecticut-based Gartner Inc.

Secretary of Commerce Don Evans announced the approval of AES as the new Federal Information Processing Standard on December 4. The formal approval makes it compulsory for all U.S. government agencies to use AES for encrypting information starting May 26.

AES is a 128-bit encryption algorithm based on a mathematical formula called Rijndael (pronounced "rhine doll") that was developed by cryptographers Joan Daemen at Proton World International and Vincent Rijmen at Katholieke Universiteit Leuven, both in Belgium.

Experts claim that the algorithm is small, fast and very hard to crack -- it would take 149 trillion years to crack a single 128-bit AES key using today's computers.

AES offers a more secure standard than the 56-bit DES algorithm, which was developed in the 1970s and has already been cracked. AES is considered even better than Triple DES, which is compatible with DES but uses a 112-bit encryption algorithm that's considered unbreakable using today's techniques. In software, AES runs about six times as fast as Triple DES and is less CPU-intensive.

The advantages of AES make it inevitable that private corporations will start using it for encryption, said Paul Lamb, chief technology officer at Oil-Law Records Corp., a provider of regulatory and legal information to oil and natural gas companies in Oklahoma City. Corporations will adopt AES "because of the perceived problems with DES and the greater sense of security with AES," he said.

"I would expect the adoption curve to be pretty steep," said Steve Lindstrom, an analyst at Framingham, Massachusetts-based Hurwitz Group Inc. Any concerns corporations had about AES not being widely adopted have been put to rest with the government's decision to adopt it for all encryption going forward, he added.

