ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

U.S. government to set new standard for advanced encryption

August 25, 1998
Web posted at: 11:15 AM EDT

by Elinor Mills

From...

(IDG) -- The U.S. National Institute of Standards and Technology (NIST) is reviewing 15 algorithm proposals to search for one that will replace the 56-bit Data Encryption Standard (DES) that was recently cracked, the agency announced last week.

The new standard, to be called Advanced Encryption Standard or AES, is expected to endure for at least 30 years, said Miles Smid, manager of the security technology group at NIST. It will become the government standard and will most likely be adopted by the private sector, as DES was, he said. AES will be available on a royalty-free basis.

NIST knew long before DES was cracked in July that the technology was becoming outdated. "We began this process sooner because we did realize that DES was going to need to be replaced in the future," said Smid. The agency, part of the U.S. Department of Commerce, first requested proposals for AES in September 1997.

The 15 AES proposals were announced at the First AES Candidate Conference in Ventura, California, which started yesterday and concludes tomorrow. "There have even been some weaknesses pointed out at this conference" in the proposals, Smid said.

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  Network World Fusion home page
 Free registration required to access Network World
  Free Network World Fusion newsletters
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
    IDG.net's bridges & routers page
  IDG.net's hubs & switches page
    IDG.net's network operating systems page
  IDG.net's network management software page
  IDG.net's personal news page
  Questions about computers? Let IDG.net's editors help you
  Search IDG.net in 12 languages
  Subscribe to IDG.net's free daily newsletter for network experts
 News Radio
  Fusion audio primers
  Computerworld Minute
     

The evaluation period, during which experts will be asked to test the strength and speed of each proposal, will end April, 1999, and the list will be narrowed down to five top proposals. The winner will be selected by 2000, but is not likely to be formally announced until 2001 after a public comment period, according to Smid.

The second AES conference will be held March 22 and 23 in Rome. DES, developed by IBM Corp. and adopted by NIST in 1977, has only one key size -- 56 bits, which is the length of the encryption algorithm. AES will have three different key sizes: 128 bits, 192 bits and 256 bits. The longer the key size the harder it is to crack.

In the meantime, NIST is recommending companies use Triple DES -- which involves three different DES operations to encrypt and decode -- if they feel DES is not secure enough, Smid said.

It is unclear how or if the new encryption standard will affect the U.S. government's controversial policy which severely restricts the export of encryption stronger than 56-bits. U.S. software companies complain that the policy harms them because strong encryption is widely available outside the U.S. and U.S. vendors are losing money as a result.

The U.S. government argues that it needs to control the export of strong encryption for national security purposes to fight terrorism. The government wants vendors to develop encryption software that includes a key recovery mechanism whereby the government could get access to the algorithm to decode a message for law enforcement purposes. Vendors are generally opposed to that plan.

Smid noted that NIST's public contest to find the next generation encryption standard is a radical change from the government's previously closed procedure for adopting DES. "It's a breakthrough in the way the government and the public sector are coming up with a standard," he said.

Ten of the AES proposals come from the U.S., but other countries represented are Canada, South Korea, Norway, France, Japan, Costa Rica, Australia, Germany, the U.K. and Israel. Companies submitting proposals include Deutsche Telekom AG of Germany, NTT Corp. of Japan, and in the U.S. IBM, Entrust Technologies Inc., RSA Laboratories, Cylink Corp. and Counterpane Systems, which is headed by cryptography expert Bruce Schneier.

Elinor Mills is a San Francisco-based Editor at Large for the IDG News Service.

Related stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window

Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

   
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.