Feeds

US.gov plans DES's retirement

Pipe and slippers for venerable algorithm

  • alert
  • submit to reddit

Website security in corporate America

The ageing Data Encryption Standard (DES) is no longer secure enough for use by government and should be replaced by Advanced Encryption Standard (AES) instead, according to a key US government standards agency.

The National Institute of Science and Technology (NIST) yesterday proposed to withdraw the Federal Information Processing Standard for DES, effectively pensioning off the venerable old algorithm. Interested parties have until 9 September to respond to NIST's retirement plans.

DES has been a key US government (and therefore industry) security technology since 1977 but now its beginning to crack up - it just can't keep up with these whippersnappers in Unis with their new, fancy computers. NIST notes that DES is now vulnerable to brute force attack - thanks to advances in parallel computing.

DES's shortcomings have been apparent for some time, so NIST's retirement plans will come as no great surprise to cryptographers and other members of the code-breaking community. The review of DES that led up to NIST's recommendation to drop its use by Federal agencies reached an inescapable conclusion.

Even though NIST will sanction the use of Triple-DES even after DES is sent off to pasture, the agency is encouraging Federal agencies to implement the faster and stronger Advanced Encryption Standard. ®

Related stories

The encryption algorithm demolition derby (the Genesis of AES)
US give AES the official yes
IETF puts weight behind Advanced Encryption Standard
New AES crypto standard broken already?
56-bit crypto code cracked in a day

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.