[15842] in cryptography@c2.net mail archive
DES: Now 'really most sincerely dead'
daemon@ATHENA.MIT.EDU (Trei, Peter)
Wed Jul 28 13:36:58 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 27 Jul 2004 10:28:09 -0400
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: <cypherpunks@minder.net>, <cryptography@metzdowd.com>
Back in late 1996, I wrote to Jim Bidzos, proposing an RSA
Challenge to break single DES by brute force computation.=20
Later in 1997, the first DES Challenge was successfully
completed.
Its taken another 7 years, but NIST has finally pulled=20
single DES as a supported mode.=20
Favorite line: "DES is now vulnerable to key exhaustion=20
using massive, parallel computations."
Triple DES is still a supported mode, as it
should be.
So, if a product claims to use DES for
protection, you can now officially diss=20
them for it.
Peter Trei
------------------------------------------
http://edocket.access.gpo.gov/2004/04-16894.htm
[Federal Register: July 26, 2004 (Volume 69, Number 142)]
[Notices] =20
[Page 44509-44510]
>From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr26jy04-31] =20
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 040602169-4169-01]
=20
Announcing Proposed Withdrawal of Federal Information Processing=20
Standard (FIPS) for the Data Encryption Standard (DES) and Request for=20
Comments
AGENCY: National Institute of Standards and Technology (NIST),=20
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The Data Encryption Standard (DES), currently specified in=20
Federal Information Processing Standard (FIPS) 46-3, was evaluated=20
pursuant to its scheduled review. At the conclusion of this review,=20
NIST determined that the strength of the DES algorithm is no longer=20
sufficient to adequately protect Federal government information. As a=20
result, NIST proposes to withdraw FIPS 46-3, and the associated FIPS 74=20
and FIPS 81.
Future use of DES by Federal agencies is to be permitted only as a=20
component function of the Triple Data Encryption Algorithm (TDEA). TDEA=20
may be used for the protection of Federal information; however, NIST=20
encourages agencies to implement the faster and stronger algorithm=20
specified by FIPS 197, Advanced Encryption Standard (AES) instead. NIST=20
proposes issuing TDEA implementation guidance as a NIST Recommendation=20
via its ``Special Publication'' series (rather than as a FIPS) as=20
Special Publication 800-67, Recommendation for Implementation of the=20
Triple Data Encryption Algorithm (TDEA).
DATES: Comments on the proposed withdrawal of DES must be received on=20
or before September 9, 2004.
ADDRESSES: Official comments on the proposed withdrawal of DES may=20
either be sent electronically to DEScomments@nist.gov or by regular=20
mail to: Chief, Computer Security Division, Information Technology=20
Laboratory, ATTN: Comments on Proposed Withdrawal of DES, 100 Bureau=20
Drive, Stop 8930, National Institute of Standards and Technology,=20
Gaithersburg, MD 20899-8930.
FOR FURTHER INFORMATION CONTACT: Mr. William Barker (301) 975-8443,=20
wbarker@nist.gov, National Institute of Standards and Technology, 100=20
Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.
SUPPLEMENTARY INFORMATION: In 1977, the Federal government determined=20
that, while the DES algorithm was adequate to protect against any=20
practical attack for the anticipated 15-year life of the standard, DES=20
would be reviewed for adequacy every five years. DES is now vulnerable=20
to key exhaustion using massive, parallel computations.
The current Data Encryption Standard (FIPS 46-3) still permits the=20
use of DES to protect Federal government information. Since the=20
strength of the original DES algorithm is no longer sufficient to=20
adequately protect Federal government information, it is necessary to=20
withdraw the standard.
In addition, NIST proposes the simultaneous withdrawal of FIPS 74,=20
Guidelines for Implementing and Using the NBS Data Encryption Standard=20
and FIPS 81, DES Modes of Operation. FIPS 74 is an implementation=20
guideline specific to the DES. An updated NIST Special Publication 800-
21, Guideline for Implementing Cryptography in the Federal Government,=20
will provide generic implementation and use guidance for NIST-approved=20
block cipher algorithms (e.g., TDEA and AES). Because it is DES-
specific, and DES is being withdrawn, the simultaneous withdrawal of=20
FIPS 74 is proposed.
FIPS 81 defines four modes of operation for the DES that have been=20
used in a wide variety of applications. The modes specify how data is=20
to be encrypted (cryptographically protected)
[[Page 44510]]
and decrypted (returned to original form) using DES. The modes included=20
in FIPS 81 are the Electronic Codebook (ECB) mode, the Cipher Block=20
Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output=20
Feedback (OFB) mode. NIST Special Publication 800-38A, Recommendation=20
for Block Cipher Modes of Operation, specifies modes of operation for=20
generic block ciphers. Together with an upcoming message authentication=20
code recommendation, SP 800-38B, SP 800-38A is a functional replacement=20
for FIPS 81. FIPS 81 is DES-specific and is proposed for withdrawal=20
along with FIPS 46-3 and FIPS 74.
NIST invites public comments on the proposed withdrawal of FIPS 46-
3, FIPS 74 and FIPS 81. After the comment period closes, NIST will=20
analyze the comments and make appropriate recommendations for action to=20
the Secretary of Commerce.
Future use of FIPS 46-3 by Federal agencies is proposed to be=20
permitted only as a component function of the Triple Data Encryption=20
Algorithm or ``TDEA.'' TDEA encrypts each block three times with the=20
DES algorithm, using either two or three different 56-bit keys. This=20
approach yields effective key lengths of 112 or 168 bits. TDEA is=20
considered a very strong algorithm. The original 56-bit DES algorithm=20
can be modified to be interoperable with TDEA.
Though TDEA may be used for several more years to encourage=20
widespread interoperability, NIST instead encourages agencies to=20
implement the stronger and more efficient algorithm specified by FIPS=20
197, Advanced Encryption Standard (AES) when building new systems. TDEA=20
implementation guidance will be issued as a NIST Recommendation rather=20
than as a FIPS. NIST plans to issue TDEA as Special Publication 800-67,=20
Recommendation for Implementation of the Triple Data Encryption=20
Algorithm (TDEA).
Authority: Federal Information Processing Standards Publications=20
(FIPS PUBS) are issued by the National Institute of Standards and=20
Technology after approval by the Secretary of Commerce pursuant to=20
section 5131 of the Information Technology Management Reform Act of=20
1996 and the Federal Information Security Management Act of 2002,=20
Public Law 107-347.
E.O. 12866: This notice has been determined not to be=20
significant for purposes of E.O. 12866.
Dated: July 18, 2004.
Hratch Semerjian,
Acting Director, NIST.
[FR Doc. 04-16894 Filed 7-23-04; 8:45 am]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
