NIST says DES encryption 'inadequate'

Massively parallel computing has rendered DES breakable, standards institute claims

The National Institute of Standards and Technology (NIST) is proposing that the Data Encryption Standard (DES), a popular encryption algorithm, lose its certification for use in software products sold to the government.

The advent of massively parallel computing has rendered DES inadequate to protect federal government information, NIST said. The institute, part of the U.S. Department of Commerce, is proposing that the government withdraw Federal Information Processing Standard (FIPS) certification for DES, a move that could have ripple effects throughout the technology sector and force a wide range of legacy systems into early retirement, according to one cryptography expert.

DES was the first government-approved standard for encrypting sensitive information and grew out of research by IBM Corp. and the secretive U.S. National Security Agency (NSA), according to Paul Kocher, president of Cryptography Research Inc. The algorithm, sometimes referred to as "single DES" uses a 56-bit key to encrypt blocks of data, and can produce up to 72,000,000,000,000,000 unique keys.

While that number of unique combinations was formidable in the 1970s and '80s, given the power of computers at that time, experts were aware that the growth of computing power would, in time, render the algorithm breakable, and that DES had at most a 15-year life span, according to NIST.

By the 1990s, computers had become powerful enough that breaking the DES algorithm was achievable, even for groups with limited resources. In an 1998 experiment funded by the nonprofit civil liberties group the Electronic Frontier Foundation, Kocher and his colleagues designed a machine for about $250,000 that could break one DES key a week, he said.

With computers doubling in speed every 18 months, a similar system designed with 2004 technology could presumably break a key in 1/64th of that time using so-called "brute force" methods, which essentially try every possible key combination until the correct combination is guessed, Kocher said.

The development of parallel computing, which harnesses the power of many small computers to work on a single task, also spelled the end for FIPS, Kocher said.

"I actually expected this to happen a year ago. ... It's gotten to the point where any government curious enough to break DES traffic could," he said.

Even malicious hackers in control of an army of virus-infected "zombie" computers could make short work of the single DES algorithm, he said.

NIST is proposing that federal agencies only use DES as a component of the Triple Data Encryption Algorithm (TDEA), also known as "Triple DES." However, NIST encouraged agencies to implement the stronger and faster Advanced Encryption Standard (AES) algorithm instead.

Either Triple DES or AES are "many trillions of times" stronger than DES and could take decades -- or centuries to break, even with the current rate of advancement in computer processing speed, Kocher said.

Still, the switch to Triple DES or AES may be difficult for older software products, many of which were designed to work exclusively with single DES and may not integrate well with products using the newer algorithms, he said. The NIST Web site lists more than 450 software and hardware products dating back to 1995. While many of the newer products approved for use in the government support DES, as well as AES and Triple DES, older products frequently do not.

While the loss of FIPS certification has not yet been approved, software vendors with legacy products will likely be scrambling to update their products to work with the stronger encryption.

That could be good news for the security community, which was worried about loosely protected data, and for the companies, which may be able to charge the government for software upgrades to their products, Kocher said.

From CIO: 8 Free Online Courses to Grow Your Tech Skills