Data Encryption Standard: Difference between revisions
imported>Sandy Harris |
imported>Sandy Harris (→DES history and controversy: add a link) |
||
| Line 42: | Line 42: | ||
| volume = 10 | | volume = 10 | ||
| pages = 74-84 | | pages = 74-84 | ||
| date = 1977}}</ref> a $20,000,000 machine that would find a DES key in 12 hours. According to Quisquater & Standaert <ref name="quisstan" />, "They argued that this was out of reach for almost everybody, excepted organizations like the National Security Agency (NSA), but that by the 1990s, the DES would be totally insecure." In 1993, Weiner published a design <ref>{{cite paper | | date = 1977}}</ref> a $20,000,000 machine that would find a DES key in 12 hours. According to Quisquater & Standaert <ref name="quisstan" />, "They argued that this was out of reach for almost everybody, excepted organizations like the National Security Agency (NSA), but that by the 1990s, the DES would be totally insecure." There is an online [http://www.toad.com/des-stanford-meeting.html transcript] of them talking to [[NSA]] and [[NBS]] about this in 1976. | ||
In 1993, Weiner published a design <ref>{{cite paper | |||
| author = M.J. Wiener | | author = M.J. Wiener | ||
| title = Efficient DES Key Search, Technical Report TR-244 | | title = Efficient DES Key Search, Technical Report TR-244 | ||
Revision as of 02:59, 18 December 2008
Template:TOC-right Now considered obsolescent, the Data Encryption Standard (DES) was issued in 1976 by the U.S. government, for use with sensitive but unclassified data. Used in its original form, it is vulnerable to brute force attacks, [1]. although these are sufficiently expensive, for messages of ephemeral value, that much of the financial industry depends on a strengthened implementation of DES.[2] Even when used in some stronger implementations such as triple DES, it still has a vulnerability against the technique of differential cryptanalysis, although its practical use against commercial traffic may not be a matter of enormous concern.
The DES software definition was issued as Federal Standard 1026 (FED-STD-1026), and simultaneously as Federal Information Processing Standard (FIPS) 46, for which several updates and enhancements were issued. It is less well known that FED-STD-1027, which was openly written by the National Security Agency, was issued simultaneously, and specified secure physical packaging for DES encryptors; those mechanical and electrical standards still are useful for stronger methods of encryption.
In 1998, DES was replaced, for for U.S. government use by the much stronger Advanced Encryption Standard (AES). While DES was never intended for classified information, although it was approved for such use in some specific cases, AES, with keys produced by NSA, may be used for classified traffic, as well as unclassified traffic. AES was selected in an open process, and its algorithm is public.[3]
DES history and controversy
It is a block cipher invented by IBM Corporation researchers, with the code name "Lucifer". The original Lucifer [4] had a 128-bit key. In the submission of proposals to the U.S. government, IBM proposed a 64-bit key, but, on NSA recommendation, the key length was reduced to 56 bits. There was much controversy about the reduction in key length being made not to interfere with NSA cryptanalysis of DES. NSA also required that the mathematical theory used for certain parts of the DES processing, called S-boxes, be classified.
While the U.S. Senate Intelligence Committee's independent experts concluded that NSA was not creating a back door, NSA did have a reason for keeping the S-box criteria secret that surfaced in the 1980s: deep understanding of DES revealed the technique of differential cryptanalysis, considered much more sensitive than DES itself.
There have been a long series of papers on the difficulty of cracking DES by brute force; see this literature review [5]. In 1977, Whitfield Diffie and Martin Hellman proposed [6] a $20,000,000 machine that would find a DES key in 12 hours. According to Quisquater & Standaert [5], "They argued that this was out of reach for almost everybody, excepted organizations like the National Security Agency (NSA), but that by the 1990s, the DES would be totally insecure." There is an online transcript of them talking to NSA and NBS about this in 1976.
In 1993, Weiner published a design [7] for a $1 million machine that would find a key in 3.5 hours. Actual machines have also been built. In 1998, the Electronic Frontier Foundation built a $200,000 machine that finds a DES key in a few days; details are in "Cracking DES" [8]. In 2006, two German universities built a $10,000 "Cost-Optimized Parallel COde Breaker" or Copacobana [1] machine based on Field programmable gate arrays that breaks DES in just under a week on average.
Technology
Specifically, DES is a member of the class of Feistel ciphers.
The design is discussed in the block cipher article section on DES.
References
- ↑ Electronic Frontier Foundaton (July 17, 1998), "EFF DES Cracker" Machine brings Honesty to Crypto Debate; Electronic Frontier Foundation proves that DES is not secure
- ↑ Landau, Susan (March 2000), "Standing the Test of Time: The Data Encryption Standard", Notices of the American Mathematical Society, pp. 341-349
- ↑ Burr, William E., (U.S.) National Institutes of Standards and Technology
- ↑ Arthur Sorkin (Jan 1984). Lucifer, A Cryptographic Algorithm.
- ↑ 5.0 5.1 Jean-Jacques Quisquater & Francois-Xavier Standaert (February 2005). Exhaustive Key Search of the DES: Updates and Refinements.
- ↑ W. Diffie, M. Hellman (1977). "Exhaustive Cryptanalysis of the NBS Data Encryption Standard".
- ↑ M.J. Wiener (1993). "Efficient DES Key Search, Technical Report TR-244". School of Computer Science, Carleton University, Ottawa.
- ↑ Electronic Frontier Foundation (1998). Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design. Electronic Frontier Foundation. ISBN ISBN: 1-56592-520-3.