ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards





Bankers anticipate code-breaking machine

May 18, 1999
Web posted at: 12:57 p.m. EDT (1657 GMT)

by Ann Harrison

(IDG) -- A computer design unveiled earlier this month could unlock messages encrypted with 512-bit encryption keys. But some businesses -- including the nation's largest banking organization -- already are prepared for it.

Kawika Daguio, technology policy consultant at the Washington-based American Bankers Association (ABA), said his organization is already recommending that members encrypt data with keys stronger than those commonly in use. He said the ABA has recommended that members move rapidly to the Triple Data Encryption Standard (DES) for critical applications when the risk justifies it. Triple DES provides 168-bit encryption. The ABA's Ecom online banking project will use 1,024-bit public keys, and 2,048-bit keys for certificate authorities where applicable.

  Computerworld's home page
  Computerworld Year 2000 resource center
  Computerworld's online subscription center
 Reviews & in-depth info at's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
 News Radio
 * Computerworld Minute
 * Fusion audio primers

Shoot for 256

The National Institute of Standards and Technology is trying to create an advanced encryption standard. Daguio said the effort should focus on 256 bits for long-term encryption solutions instead of the current 128-bit target. "I am looking 15 to 20 years out rather than the short term," he said.

The new computer design, The Weizmann Institute Key Locating Engine (Twinkle for short), uses optical factoring techniques to determine the correct key for unscrambling messages secured with 512-bit keys. It speeds up the "sieving" process of factoring large numbers used to attack RSA Data Security Inc.'s public-key algorithm. The algorithm is a de facto encryption standard co-developed by Adi Shamir, who designed Twinkle. Shamir estimated that the device can be built for about $5,000 after the design process is complete.

Scientists at RSA in San Mateo, Calif., acknowledged that Twinkle puts data encrypted with 512-bit RSA keys at greater risk. Even before learning of Twinkle, RSA scientists concluded that 512-bit keys would soon be vulnerable; the company now recommends that software developers choose a minimum key size of 768 bits for user keys and 1,024 bits for enterprise keys.

Although some businesses require military-grade encryption of 2,048 bits or higher, most don't need it to secure casual communications or routine requests for information, Daguio said.

"Where you need to do the job right, overdo it a little bit. But we can't overburden business applications beyond what the security case or the business case calls for," he said. Businesses should make sure they don't rely on any one security technology, vendor or implementation to safeguard their data, Daguio added.

DOJ mulls crypto ruling
May 11, 1999
ISP admits scanning its own subscribers
May 6, 1999
U.S. advisor seeks full-blown debate on encryption
May 4, 1999

U.S. adviser seeks full-blown debate on encryption
(Network World Fusion)
McCain proposes loosening crypto restrictions
New battle lines being drawn over encryption debate
(Federal Computer Week)
Key recovery is needed, Interpol exec explains
Cracking DES is all in a day's work for security experts
(InfoWorld Electric)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RSA Data Security
National Institute of Standards and Technology
American Bankers Association
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.