|
U.S. government adopts new encryption standard
By Jaikumar Vijayan (IDG) -- The federal government's recent decision to adopt the Advanced Encryption Standard (AES) for securing sensitive information will trigger a move from the aging Data Encryption Standard (DES) in the private sector, users and analysts said. But don't expect it to happen overnight, they added. Technology standards bodies representing industries such as financial services and banking need to approve AES as well, and that will take time. And products such as wireless devices and virtual private networks that incorporate AES have yet to be developed. Corporations using Triple DES technologies, which offer much stronger forms of encryption than DES, will have to wait until low-cost AES implementations become available before a migration to the new standard makes sense from a price perspective. "AES will likely not replace more than 30 percent of DES operations before 2004," said John Pescatore, an analyst at Stamford, Connecticut-based Gartner Inc.
Secretary of Commerce Don Evans announced the approval of AES as the new Federal Information Processing Standard on December 4. The formal approval makes it compulsory for all U.S government agencies to use AES for encrypting information starting May 26. AES is a 128-bit encryption algorithm based on a mathematical formula called Rijndael (pronounced "rhine doll") that was developed by cryptographers Joan Daemen at Proton World International and Vincent Rijmen at Katholieke Universiteit Leuven, both in Belgium. Experts claim that the algorithm is small, fast and very hard to crack -- it would take 149 trillion years to crack a single 128-bit AES key using today's computers. AES offers a more secure standard than the 56-bit DES algorithm, which was developed in the 1970s and has already been cracked. AES is considered even better than Triple DES, which is compatible with DES but uses a 112-bit encryption algorithm that's considered unbreakable using today's techniques. In software, AES runs about six times as fast as Triple DES and is less CPU-intensive. The advantages of AES make it inevitable that private corporations will start using it for encryption, said Paul Lamb, chief technology officer at Oil-Law Records Corp., a provider of regulatory and legal information to oil and natural gas companies in Oklahoma City. Corporations will adopt AES "because of the perceived problems with DES and the greater sense of security with AES," he said. "I would expect the adoption curve to be pretty steep," said Steve Lindstrom, an analyst at Framingham, Massachusetts-based Hurwitz Group Inc. Any concerns corporations had about AES not being widely adopted have been put to rest with the government's decision to adopt it for all encryption going forward, he added. |
|
||||||||||||||||||||||||||||||||
RELATED STORIES:
Master key encryption plan abandoned
October 22, 2001 Encryption advocates resist legal limits September 18, 2001 U.S. frees up encryption policy January 14, 2000 U.S. government to set new standard for advanced encryption August 25, 1998 RELATED IDG.net STORIES:
 Encryption advocates resist legal limits
(Computerworld)  U.S. approves next-generation encryption standard (InfoWorld.com)  New US encryption regulations draw criticism from industry group (LinuxWorld)  Opening encryption 'back door' problematic, experts say (InfoWorld.com)  Should the publication of encryption code be outlawed? (Darwin)  Top 5 encryption utilities (PCWorld.com)  Understanding Data Encryption Standard (ITWorld.com)  Finalists picked for next fed crypto standard (Computerworld) RELATED SITES:
 Department of Commerce
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars New telemarketer tool trumps TeleZapper Terra Lycos logs $2.2B loss AOL to offer song downloads Microsoft seeks fiscal fountain of youth (More) |
||||||||||||||||||||||||||||||||||
Back to the top |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |