DES, RSA Security
DES, RSA Security
DES, RSA Security
DES is was considered to be insecure for many applications. This is chiefly due to the 56-
bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier
Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There
are also some analytical results which demonstrate theoretical weaknesses in the cipher,
although they are infeasible to mount in practice. The algorithm is believed to be
practically secure in the form of Triple DES, although there are theoretical attacks. In
recent years, the cipher has been superseded by the Advanced Encryption Standard
(AES). Furthermore, DES has been withdrawn as a standard by the National Institute of
Standards and Technology (formerly the National Bureau of Standards).
In some documentation, a distinction is made between DES as a standard and DES the
algorithm which is referred to as the DEA (the Data Encryption Algorithm). DES is the
archetypal block cipher — an algorithm that takes a fixed-length string of plaintext bits and
transforms it through a series of complicated operations into another ciphertext bitstring of
the same length. In the case of DES, the block size is 64 bits. DES also uses a key to
customize the transformation, so that decryption can supposedly only be performed by
those who know the particular key used to encrypt. The key ostensibly consists of 64 bits;
however, only 56 of these are actually used by the algorithm. Eight bits are used solely for
checking parity, and are thereafter discarded. Hence the effective key length is 56 bits,
and it is usually quoted as such.
Like other block ciphers, DES by itself is not a secure means of encryption but must
instead be used in a mode of operation. FIPS-81 specifies several modes for use with
DES.
DATA ENCRYPTION STANDARD
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the
National Institute of Standards and Technology after approval by the Secretary of
Commerce pursuant to Section 5131 of the Information Technology Management Reform
Act of 1996 (Public Law 104- 106), and the Computer Security Act of 1987 (Public Law
100-235).
1. Name of Standard. Data Encryption Standard (DES).
2. Category of Standard. Computer Security, Cryptography.
3. Explanation. The Data Encryption Standard (DES) specifies two FIPS approved
cryptographic algorithms as required by FIPS 140-1. When used in conjunction with
American National Standards Institute (ANSI) X9.52 standard, this publication provides a
complete description of the mathematical algorithms for encrypting (enciphering) and
decrypting (deciphering) binary coded information. Encrypting data converts it to an
unintelligible form called cipher. Decrypting cipher converts the data back to its original
form called plaintext. The algorithms described in this standard specifies both enciphering
and deciphering operations which are based on a binary number called a key.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly
generated and used directly by the algorithm. The other 8 bits, which are not used by the
algorithm, may be used for error detection. The 8 error detecting bits are set to make the
parity of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit
byte1. A TDEA key consists of three DES keys, which is also referred to as a key bundle.
Authorized users of encrypted computer data must have the key that was used to encipher
the data in order to decrypt it. The encryption algorithms specified in this standard are
commonly known among those using the standard. The cryptographic security of the data
depends on the security provided for the key used to encipher and decipher the
data. Data can be recovered from cipher only by using exactly the same key used to
encipher it.
Unauthorized recipients of the cipher who know the algorithm but do not have the correct
key cannot derive the original data algorithmically. However, it may be feasible to
determine the key by a brute force “exhaustion attack.” Also, anyone who does have the
key and the algorithm can easily decipher the cipher and obtain the original data. A
standard algorithm based on a secure key thus provides a basis for exchanging encrypted
computer data by issuing the key used to encipher it to those authorized to have the data.
Data that is considered sensitive by the responsible authority, data that has a high value,
or data that represents a high value should be cryptographically protected if it is vulnerable
to unauthorized disclosure or undetected modification during transmission or while in
storage. A risk analysis should be performed under the direction of a responsible authority
to determine potential threats. The costs of providing cryptographic protection using this
standard as well as alternative methods of providing this protection and their respective
costs should be projected. A responsible authority then should make a decision, based on
these analyses, whether or not to use cryptographic protection and this standard.
In 1995 RSA sent a handful of people across the hall to found Digital Certificates
International (better known as VeriSign).
The company then called Security Dynamics acquired RSA Data Security in
July 1996 and DynaSoft AB in 1997.
In January 1997 it proposed the first of the DES Challenges which led to the first
public breaking of a message based on the Data Encryption Standard.
In February 2001, it acquired Xcert International, Inc., a privately held company that
developed and delivered digital certificate-based products for securing e-business
transactions.