DES: Now 'really most sincerely dead'
Trei, Peter
ptrei at rsasecurity.com
Tue Jul 27 10:28:09 EDT 2004
Back in late 1996, I wrote to Jim Bidzos, proposing an RSA
Challenge to break single DES by brute force computation.
Later in 1997, the first DES Challenge was successfully
completed.
Its taken another 7 years, but NIST has finally pulled
single DES as a supported mode.
Favorite line: "DES is now vulnerable to key exhaustion
using massive, parallel computations."
Triple DES is still a supported mode, as it
should be.
So, if a product claims to use DES for
protection, you can now officially diss
them for it.
Peter Trei
------------------------------------------
http://edocket.access.gpo.gov/2004/04-16894.htm
[Federal Register: July 26, 2004 (Volume 69, Number 142)]
[Notices]
[Page 44509-44510]
>From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr26jy04-31]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 040602169-4169-01]
Announcing Proposed Withdrawal of Federal Information Processing
Standard (FIPS) for the Data Encryption Standard (DES) and Request for
Comments
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The Data Encryption Standard (DES), currently specified in
Federal Information Processing Standard (FIPS) 46-3, was evaluated
pursuant to its scheduled review. At the conclusion of this review,
NIST determined that the strength of the DES algorithm is no longer
sufficient to adequately protect Federal government information. As a
result, NIST proposes to withdraw FIPS 46-3, and the associated FIPS 74
and FIPS 81.
Future use of DES by Federal agencies is to be permitted only as a
component function of the Triple Data Encryption Algorithm (TDEA). TDEA
may be used for the protection of Federal information; however, NIST
encourages agencies to implement the faster and stronger algorithm
specified by FIPS 197, Advanced Encryption Standard (AES) instead. NIST
proposes issuing TDEA implementation guidance as a NIST Recommendation
via its ``Special Publication'' series (rather than as a FIPS) as
Special Publication 800-67, Recommendation for Implementation of the
Triple Data Encryption Algorithm (TDEA).
DATES: Comments on the proposed withdrawal of DES must be received on
or before September 9, 2004.
ADDRESSES: Official comments on the proposed withdrawal of DES may
either be sent electronically to DEScomments at nist.gov or by regular
mail to: Chief, Computer Security Division, Information Technology
Laboratory, ATTN: Comments on Proposed Withdrawal of DES, 100 Bureau
Drive, Stop 8930, National Institute of Standards and Technology,
Gaithersburg, MD 20899-8930.
FOR FURTHER INFORMATION CONTACT: Mr. William Barker (301) 975-8443,
wbarker at nist.gov, National Institute of Standards and Technology, 100
Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.
SUPPLEMENTARY INFORMATION: In 1977, the Federal government determined
that, while the DES algorithm was adequate to protect against any
practical attack for the anticipated 15-year life of the standard, DES
would be reviewed for adequacy every five years. DES is now vulnerable
to key exhaustion using massive, parallel computations.
The current Data Encryption Standard (FIPS 46-3) still permits the
use of DES to protect Federal government information. Since the
strength of the original DES algorithm is no longer sufficient to
adequately protect Federal government information, it is necessary to
withdraw the standard.
In addition, NIST proposes the simultaneous withdrawal of FIPS 74,
Guidelines for Implementing and Using the NBS Data Encryption Standard
and FIPS 81, DES Modes of Operation. FIPS 74 is an implementation
guideline specific to the DES. An updated NIST Special Publication 800-
21, Guideline for Implementing Cryptography in the Federal Government,
will provide generic implementation and use guidance for NIST-approved
block cipher algorithms (e.g., TDEA and AES). Because it is DES-
specific, and DES is being withdrawn, the simultaneous withdrawal of
FIPS 74 is proposed.
FIPS 81 defines four modes of operation for the DES that have been
used in a wide variety of applications. The modes specify how data is
to be encrypted (cryptographically protected)
[[Page 44510]]
and decrypted (returned to original form) using DES. The modes included
in FIPS 81 are the Electronic Codebook (ECB) mode, the Cipher Block
Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output
Feedback (OFB) mode. NIST Special Publication 800-38A, Recommendation
for Block Cipher Modes of Operation, specifies modes of operation for
generic block ciphers. Together with an upcoming message authentication
code recommendation, SP 800-38B, SP 800-38A is a functional replacement
for FIPS 81. FIPS 81 is DES-specific and is proposed for withdrawal
along with FIPS 46-3 and FIPS 74.
NIST invites public comments on the proposed withdrawal of FIPS 46-
3, FIPS 74 and FIPS 81. After the comment period closes, NIST will
analyze the comments and make appropriate recommendations for action to
the Secretary of Commerce.
Future use of FIPS 46-3 by Federal agencies is proposed to be
permitted only as a component function of the Triple Data Encryption
Algorithm or ``TDEA.'' TDEA encrypts each block three times with the
DES algorithm, using either two or three different 56-bit keys. This
approach yields effective key lengths of 112 or 168 bits. TDEA is
considered a very strong algorithm. The original 56-bit DES algorithm
can be modified to be interoperable with TDEA.
Though TDEA may be used for several more years to encourage
widespread interoperability, NIST instead encourages agencies to
implement the stronger and more efficient algorithm specified by FIPS
197, Advanced Encryption Standard (AES) when building new systems. TDEA
implementation guidance will be issued as a NIST Recommendation rather
than as a FIPS. NIST plans to issue TDEA as Special Publication 800-67,
Recommendation for Implementation of the Triple Data Encryption
Algorithm (TDEA).
Authority: Federal Information Processing Standards Publications
(FIPS PUBS) are issued by the National Institute of Standards and
Technology after approval by the Secretary of Commerce pursuant to
section 5131 of the Information Technology Management Reform Act of
1996 and the Federal Information Security Management Act of 2002,
Public Law 107-347.
E.O. 12866: This notice has been determined not to be
significant for purposes of E.O. 12866.
Dated: July 18, 2004.
Hratch Semerjian,
Acting Director, NIST.
[FR Doc. 04-16894 Filed 7-23-04; 8:45 am]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list