ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

From...
Computerworld

Bankers anticipate code-breaking machine

May 18, 1999
Web posted at: 12:57 p.m. EDT (1657 GMT)

by Ann Harrison

(IDG) -- A computer design unveiled earlier this month could unlock messages encrypted with 512-bit encryption keys. But some businesses -- including the nation's largest banking organization -- already are prepared for it.

Kawika Daguio, technology policy consultant at the Washington-based American Bankers Association (ABA), said his organization is already recommending that members encrypt data with keys stronger than those commonly in use. He said the ABA has recommended that members move rapidly to the Triple Data Encryption Standard (DES) for critical applications when the risk justifies it. Triple DES provides 168-bit encryption. The ABA's Ecom online banking project will use 1,024-bit public keys, and 2,048-bit keys for certificate authorities where applicable.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Computerworld's home page
  Computerworld Year 2000 resource center
  Computerworld's online subscription center
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
 News Radio
 * Computerworld Minute
 * Fusion audio primers
   

Shoot for 256

The National Institute of Standards and Technology is trying to create an advanced encryption standard. Daguio said the effort should focus on 256 bits for long-term encryption solutions instead of the current 128-bit target. "I am looking 15 to 20 years out rather than the short term," he said.

The new computer design, The Weizmann Institute Key Locating Engine (Twinkle for short), uses optical factoring techniques to determine the correct key for unscrambling messages secured with 512-bit keys. It speeds up the "sieving" process of factoring large numbers used to attack RSA Data Security Inc.'s public-key algorithm. The algorithm is a de facto encryption standard co-developed by Adi Shamir, who designed Twinkle. Shamir estimated that the device can be built for about $5,000 after the design process is complete.

Scientists at RSA in San Mateo, Calif., acknowledged that Twinkle puts data encrypted with 512-bit RSA keys at greater risk. Even before learning of Twinkle, RSA scientists concluded that 512-bit keys would soon be vulnerable; the company now recommends that software developers choose a minimum key size of 768 bits for user keys and 1,024 bits for enterprise keys.

Although some businesses require military-grade encryption of 2,048 bits or higher, most don't need it to secure casual communications or routine requests for information, Daguio said.

"Where you need to do the job right, overdo it a little bit. But we can't overburden business applications beyond what the security case or the business case calls for," he said. Businesses should make sure they don't rely on any one security technology, vendor or implementation to safeguard their data, Daguio added.


RELATED STORIES:
DOJ mulls crypto ruling
May 11, 1999
ISP admits scanning its own subscribers
May 6, 1999
U.S. advisor seeks full-blown debate on encryption
May 4, 1999

RELATED IDG.net STORIES:
U.S. adviser seeks full-blown debate on encryption
(Network World Fusion)
McCain proposes loosening crypto restrictions
(Computerworld)
New battle lines being drawn over encryption debate
(Federal Computer Week)
Key recovery is needed, Interpol exec explains
(Computerworld)
Cracking DES is all in a day's work for security experts
(InfoWorld Electric)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
RSA Data Security
National Institute of Standards and Technology
American Bankers Association
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.