We Owe Much to DES

By Bruce Schneier  |  Posted 2004-08-30 Print this article Print

DES did yeoman security service for thousands of applications, says Counterpane Internet Security CEO Bruce Schneier.

It was a historic moment when, last month, the National Institute of Standards and Technology proposed withdrawing the Data Encryption Standard as an encryption standard.

DES has been the most popular encryption algorithm for 25 years. Developed at IBM, it was chosen by the National Bureau of Standards (now NIST) as the government-standard encryption algorithm in 1976. Since then, it has become an international encryption standard and has been used in thousands of applications, despite concerns about its short key length.

In 1972, the NBS initiated a program to protect computer and communications data that included a standard encryption algorithm. IBM submitted an algorithm that used simple logical operations on small groups of bits and could be implemented efficiently in mid-1970s hardware. The algorithms key strength comes from an S-box, a nonlinear table-lookup specified by strings of constants.

NBS lacked the ability to evaluate the algorithm, so it turned to the National Security Agency for help. NSA changed the constants in the S-boxes and reduced the key size from its original 128 bits to 56 bits—less than the specified 64 bits. The revised algorithm, DES, was published by NBS in March 1975. There was a public outcry among the few who paid attention because the NSA did not make the changes public and gave no rationale for them. Only in the 90s was it learned that the S-box changes were made for classified reasons.

Despite criticism, the DES was adopted as a Federal Information Processing Standard in November 1976. DES was also adopted by other standards bodies worldwide, including the American National Standards Institute and the International Organization for Standardization. It became the standard encryption algorithm in the banking industry and was used in many applications around the world. NBS recertified DES for the first time in 1987; NIST recertified DES in 1993; and, in 1997, both bodies initiated a program to replace DES with the Advanced Encryption Standard.

In the late 90s, it was widely believed that NSA could break DES by trying every possible key, something called brute force cryptanalysis. The Electronic Frontier Foundation demonstrated this ability in July 1998, when John Gilmore built a $250,000 machine that could break a DES key by brute force in a few days. Years before, more-secure applications had already converted to the triple-DES encryption algorithm, which is the application of three DES encryptions, effectively lengthening the key. Its in wide use today to protect all kinds of secrets.

eWEEK Technology Editor Peter Coffee says 3DES demands careful design and informed choices. Click here to read his column. Almost all todays newer encryption algorithms have roots in DES, on which the modern academic discipline of cryptography was founded. Every standard should have such long, useful life.

Bruce Schneier is the CTO of Counterpane Internet Security Inc. You can subscribe to his monthly e-mail newsletter, Crypto-Gram, at www.schneier.com. Free Spectrum is a forum for the IT community. Send submissions to free_spectrum@ziffdavis.com.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page


Internationally-renowned security technologist and author Bruce Schneier is both a Founder and the Chief Technical Officer of Counterpane Internet Security, Inc. He established the Company with Tom Rowley to address the critical need for strong, cost-effective, and resilient network security. Counterpane Internet Security, Inc. provides Managed Security Monitoring services to organizations world-wide. Outsourced security monitoring provides a level of security unattainable through conventional security products.

Schneier is responsible for maintaining the Company's technical lead in world-class information security technology and its practical and effective implementation. Schneier's security experience makes him uniquely qualified to shape the direction of the company's research endeavors, as well as to act as a spokesperson to the business community on e-commerce issues and solutions.

While president of Counterpane Systems, Schneier designed and analyzed hardware and software cryptographic systems, advised sophisticated clients on products and markets, and taught technical as well as business courses related to the field of cryptography. Concerns as diverse as Microsoft, Citibank, and the National Security Agency, have all relied upon Schneier's unique expertise. Schneier designed the popular Blowfish encryption algorithm. And Schneier's Twofish was a finalist for the new Federal Advanced Encryption Standard (AES).

Schneier is the author of six books, including Secrets &, Lies: Digital Security in a Networked World. Published in October 2000, ",Secrets &, Lies", has already sold 70,000 copies. One of his earlier books, Applied Cryptography, now in its second edition, is the seminal work in its field and has sold over 130,000 copies worldwide. He currently writes the free email newsletter ",Crypto-Gram,", which has over 60,000 readers. He has presented papers at many international conferences, and he is a frequent writer, contributing editor, and lecturer on the topics of cryptography, computer security, and privacy. Schneier served on the board of directors of the International Association for Cryptologic Research, and is an Advisory Board member for the Electronic Privacy Information Center.

Schneier holds an MS degree in computer science from American University and a BS degree in physics from the University of Rochester.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel