AES suitable for protecting Top Secret information
Arnold G. Reinhold
reinhold at world.std.com
Wed Apr 14 18:31:21 EDT 2004
I was the one who updated the Wikipedia entry . It was shortly before
the cryptography list came back up. I found the June 2003 CNSS fact
sheet while looking for other information on NIST's standards
program. The first reference that I found that suggested AES could be
used for classified was in a slide presentation at a Dec. 4, 2002
NIST Wireless Security workshop http://csrc.nist.gov/wireless by
Timothy Havighurst of NSA on DOD Wireless Policy
http://csrc.nist.gov/wireless/S04_DOD%20Wireless%20Requirements-th.pdf
One slide reads:
" SECRET and TOP SECRET data must be approved with a Type I algorithm
- BATON
- AES (sufficient key length)
- SKIPJACK"
(I believe the BATON algorithm itself is still classified.)
This is a major milestone in cryptography. I believe it is the first
time in modern history that the public knowingly has access to a
cipher that the U.S. Government currently considers strong enough for
Top Secret information.
Note that the CNSS fact sheet goes on to say:
"The implementation of AES in products intended to protect national
security systems and/or information must be reviewed and certified
by NSA prior to their acquisition and use."
Another interesting presentation at the same NIST workshop was by
Bill Burr on NIST's Cryptographic Standards Program.
http://csrc.nist.gov/wireless/S04_NIST_crypto_program_final-bb.pdf It
has a nice chart comparing the strengths of various crypto primitives
based on their key length (page 7). Anther slide (page 13) contains
the following interesting statement:
"Proposed 80-bit crypto end of use date: 2015"
Based on the page 7 chart, this presumably includes SHA1, Skipjack,
1024-bit RSA/DSA and 160-bit ECC.
Arnold Reinhold
At 12:34 PM -0400 4/14/04, Vin McLellan wrote:
>I missed that announcement too -- but Wikipedia, the web-based Free
>Encyclopedia, caught it! See Wikipedia on AES at:
>http://en.wikipedia.org/wiki/AES
>
>The Wikipedia module on AES Security has a link to the same NSA fact
>sheet Steve mentioned.
>
>I was surprised. I thought, as in so many other things, the NSA was
>going to say one thing and do another.
>
>Suerte,
> _Vin
>
>At 4/14/2004, Steve Bellovin wrote:
>
>>I haven't seen this mentioned on the list, so I thought I'd toss it
>>out. According to http://www.nstissc.gov/Assets/pdf/fact%20sheet.pdf ,
>>AES is acceptable for protecting Top Secret data. Here's the crucial
>>sentence:
>>
>> The design and strength of all key lengths of the AES algorithm
>> (i.e., 128, 192 and 256) are sufficient to protect classified
>> information up to the SECRET level. TOP SECRET information will
>> require use of either the 192 or 256 key lengths.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list