AES Is Ready to Assume Crypto Lead

ButiIts status as encryption standard already coming under close scrutiny by users and challengers.

The Advanced Encryption Standard is still more than two months away from government approval, but some vendors and cryptographers are already pouring over the spec, calling attention to its promise as well as its pitfalls.

While some tout AES as a breakthrough that will make encryption-dependent software and hardware faster and more practical for enterprise users, others are picking it apart for holes.

Rijndael (pronounced "Rhine-doll"), the algorithm chosen by the National Institute of Standards and Technology as the AES standard, will replace the current standard, DES (Data Encryption Standard). Developed by two Belgian cryptographers, Rijndael was selected by NIST as a proposed standard last fall. It then went into a public comment period.

The public comment period for AES will close May 29, at which time any necessary modifications will be made to the algorithm. AES should then become an approved federal standard a month or two later. So far, the dozen or so comments that NIST has received have been quite positive, said Jim Foti, a mathematician working on the AES project at NIST, in Washington.

AES promises more speed and security than its predecessor, and vendors such as Check Point Software Technologies Ltd. plan to be among the first to market with AES-based products. Check Point, of Redwood City, Calif., plans to unveil its Next Generation line of firewalls and VPNs (virtual private networks) this quarter.

Cisco Systems Inc. is also due to roll out AES-based products within the next few months. Cisco, of San Jose, Calif., plans to include the algorithm in its VPN and firewall hardware when AES chips are available.

The thing AES doesnt have, critics point out, is a track record. Because it is only a few years old, AES hasnt undergone the number and variety of attacks that the 25-year-old DES and its cousin, Triple DES, have.

Nevertheless, AES is turning heads. Check Points early testing shows that software using AES encryption is as much as 300 percent faster than the same program using Triple DES. This performance gain outweighs any possible security concerns, company executives and users said.

"My main concerns would be the speed and whether I can export it," said Larry Jones, principal computer scientist at Computer Sciences Corp., in El Segundo, Calif., and a user of Ciscos VPN and firewall products as well as Check Points Firewall-1. "If its faster [than Triple DES], Im interested, but the security of Triple DES is still solid."

The export standards for AES will be the same as those for Triple DES.

For its part, Triple DES will still be a valid standard even after AES is approved, making application development and implementation that much more complex. Some in the cryptography community said they believe that Triple DES will still be a solid choice.

"Triple DES is much more well-studied," said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc., in San Jose, and author of the Blowfish and Twofish crypto algorithms.