DES, RSA Security

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 3

The 

Data Encryption Standard (DES) is a block cipher (a form of shared


secret encryption) that was selected by the National Bureau of Standards as an
official Federal Information Processing Standard (FIPS) for the United States in 1976 and
which has subsequently enjoyed widespread use internationally. It is based on
a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial
with classified design elements, a relatively short key length, and suspicions about a
National Security Agency (NSA) backdoor. DES consequently came under intense
academic scrutiny which motivated the modern understanding of block ciphers and
their cryptanalysis.

DES is was considered to be insecure for many applications. This is chiefly due to the 56-
bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier
Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There
are also some analytical results which demonstrate theoretical weaknesses in the cipher,
although they are infeasible to mount in practice. The algorithm is believed to be
practically secure in the form of Triple DES, although there are theoretical attacks. In
recent years, the cipher has been superseded by the Advanced Encryption Standard
(AES). Furthermore, DES has been withdrawn as a standard by the National Institute of
Standards and Technology (formerly the National Bureau of Standards).

In some documentation, a distinction is made between DES as a standard and DES the
algorithm which is referred to as the DEA (the Data Encryption Algorithm). DES is the
archetypal block cipher — an algorithm that takes a fixed-length string of plaintext bits and
transforms it through a series of complicated operations into another ciphertext bitstring of
the same length. In the case of DES, the block size is 64 bits. DES also uses a key to
customize the transformation, so that decryption can supposedly only be performed by
those who know the particular key used to encrypt. The key ostensibly consists of 64 bits;
however, only 56 of these are actually used by the algorithm. Eight bits are used solely for
checking parity, and are thereafter discarded. Hence the effective key length is 56 bits,
and it is usually quoted as such.

Like other block ciphers, DES by itself is not a secure means of encryption but must
instead be used in a mode of operation. FIPS-81 specifies several modes for use with
DES.
DATA ENCRYPTION STANDARD
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the
National Institute of Standards and Technology after approval by the Secretary of
Commerce pursuant to Section 5131 of the Information Technology Management Reform
Act of 1996 (Public Law 104- 106), and the Computer Security Act of 1987 (Public Law
100-235).
1. Name of Standard. Data Encryption Standard (DES).
2. Category of Standard. Computer Security, Cryptography.
3. Explanation. The Data Encryption Standard (DES) specifies two FIPS approved
cryptographic algorithms as required by FIPS 140-1. When used in conjunction with
American National Standards Institute (ANSI) X9.52 standard, this publication provides a
complete description of the mathematical algorithms for encrypting (enciphering) and
decrypting (deciphering) binary coded information. Encrypting data converts it to an
unintelligible form called cipher. Decrypting cipher converts the data back to its original
form called plaintext. The algorithms described in this standard specifies both enciphering
and deciphering operations which are based on a binary number called a key.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly
generated and used directly by the algorithm. The other 8 bits, which are not used by the
algorithm, may be used for error detection. The 8 error detecting bits are set to make the
parity of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit
byte1. A TDEA key consists of three DES keys, which is also referred to as a key bundle.
Authorized users of encrypted computer data must have the key that was used to encipher
the data in order to decrypt it. The encryption algorithms specified in this standard are
commonly known among those using the standard. The cryptographic security of the data
depends on the security provided for the key used to encipher and decipher the
data. Data can be recovered from cipher only by using exactly the same key used to
encipher it.
Unauthorized recipients of the cipher who know the algorithm but do not have the correct
key cannot derive the original data algorithmically. However, it may be feasible to
determine the key by a brute force “exhaustion attack.” Also, anyone who does have the
key and the algorithm can easily decipher the cipher and obtain the original data. A
standard algorithm based on a secure key thus provides a basis for exchanging encrypted
computer data by issuing the key used to encipher it to those authorized to have the data.
Data that is considered sensitive by the responsible authority, data that has a high value,
or data that represents a high value should be cryptographically protected if it is vulnerable
to unauthorized disclosure or undetected modification during transmission or while in
storage. A risk analysis should be performed under the direction of a responsible authority
to determine potential threats. The costs of providing cryptographic protection using this
standard as well as alternative methods of providing this protection and their respective
costs should be projected. A responsible authority then should make a decision, based on
these analyses, whether or not to use cryptographic protection and this standard.

RSA - RSA, The Security Division of EMC Corporation, is headquartered in Bedford,


Massachusetts, United States, and maintains offices inAustralia, Ireland, Israel, the United
Kingdom, Singapore, India, China, Hong Kong and Japan.
Ron Rivest, Adi Shamir and Leonard Adleman developed the RSA encryption algorithm in
1977. They founded RSA Data Security in 1982.

 In 1995 RSA sent a handful of people across the hall to found Digital Certificates
International (better known as VeriSign).
 The company then called Security Dynamics acquired RSA Data Security in
July 1996 and DynaSoft AB in 1997.

 In January 1997 it proposed the first of the DES Challenges which led to the first
public breaking of a message based on the Data Encryption Standard.
 In February 2001, it acquired Xcert International, Inc., a privately held company that
developed and delivered digital certificate-based products for securing e-business
transactions.

 In May 2001, it acquired 3-G International, Inc., a privately held company that


developed and delivered smart card and biometric authentication products.

 In August 2001, it acquired Securant Technologies, Inc., a privately held company


that produced ClearTrust, an identity management product.

 In December 2005, it acquired Cyota, a privately held company specializing in


online security and anti-fraud solutions for financial institutions.

 In April 2006 it acquired PassMark Security

 On June 29, 2006 it was announced that EMC Corporation will acquire RSA


Security for $2.1 billion

 On September 14, 2006 RSA stockholders approved the acquisition of the


company by EMC Corporation

In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly


described it) is an algorithm for public-key cryptography. It is the first algorithm known to
be suitable for signing as well as encryption, and was one of the first great advances in
public key cryptography. RSA is widely used in electronic commerce protocols, and is
believed to be secure given sufficiently long keys and the use of up-to-date
implementations.

The RSA algorithm has become the de facto standard for industrial-strength encryption,


especially for data sent over the Internet. It is built into many software products,
including Netscape Navigator and Microsoft Internet Explorer. The technology is so powerful
that the U.S. government has restricted exporting it to foreign countries.

You might also like