I think it's not news, but please read if you don't know about it yet...
Goodbye DES, Welcome AES
By:
Edgar Danielyan
Much has changed since introduction of the Data Encryption Standard (DES) [2] in 1977. Our hardware is faster, we have more memory, and the use of computer networks in all areas of human activity is increasing. The widely used DES has, on several occasions, been proven to be inadequate for many applications—especially those involving the transmission of sensitive information over public networks such as the Internet, where the entire transmission may be intercepted and cryptanalyzed. Specialized hardware has been built that can determine the 56-bit DES key in a few hours. These considerations, and others, have signaled that a new standard algorithm and longer keys are necessary.
Fortunately, in January 1997, the U.S. National Institute of Standards and Technology (NIST) announced that it's time for a new encryption standard: the Advanced Encryption Standard (AES). They formalized their requirements and issued a call for candidate algorithm nominations in September 1997. The deadline for submissions was June 1998, when a total of 15 algorithms were submitted for consideration. This article shows why DES is outdated and should not be used for any purposes that require serious encryption. It also provides a brief description of the soon-to-come replacement of DES, the Advanced Encryption Standard.
Data Encryption Standard
Published as the U.S. Federal Information Processing Standard 46 in 1977, DES is still widely used, despite being proven inadequate for use in many applications. It is a symmetric block cipher (shared secret key), with its block size fixed at 64 bits. There are four defined modes of operation, with the Electronic Code Book (ECB) mode being the most widely used [1]. Additionally, DES has been incorporated into numerous other standards, such as American Bankers Association's Protection of Personal Identification Numbers in Interchange Standard, Management and Use of Personal Identification Numbers Standard, Key Management Standard, and three ANSI standards, Data Encryption Algorithm (DEA), Standard for Personal Identification Number (PIN) Management and Security, and Standard for Financial Institution Message Authentication [3]. In particular, DES is also specified as an approved algorithm in the IP Security Architecture (IPSec) standard [9], which is used in the equipment from many different suppliers.
Key Length
Key length is one of the two most important security factors of any encryption algorithm—the other one being the design of the algorithm itself. DES uses a 64-bit block for the key; however, 8 of these bits are used for odd parity and are, therefore, not counted in the key length. The effective key length is then calculated as 56 bits, giving 256 possible keys. A true 64-bit key has 256 times as many keys, whereas a 128-bit key is 272 times "better" than a 56-bit key. As if this was not enough, DES also has so-called weak and semi-weak keys. During the encryption process, the key is used to generate two values that are used for separate purposes during the process. These 16 weak and semi-weak keys will produce values that don't appear to be random. They will give outputs of all-ones, all-zeros, or distinguishable patterns of ones and zeros. It is generally recognized that these 16 key values should not be used. The key length was known to be a factor in trusting DES soon after DES was published. For this reason, people started exploring the use of multiple encryption passes and multiple keys. Triple DES (3DES) is a way of using DES encryption three times.
The most common method is to first encrypt the data block with one key. The output of this operation is run through the decryption process with a second key, and the output of that operation is run through the encryption process again with the first key. This process makes the effective key length 112 bits long. Again, the problem with weak and semi-weak keys remains. The disadvantage of Triple DES is that it is about one-third as fast as DES when processing data. This effort just slightly extended the life of DES while a suitable alternative could be found.
Breaking the DES
In addition to the brute-force key search (for example, trying every possible key in order to recover the plaintext—for DES that would be 256 keys), there is also a technique known as cryptanalysis, which may be used to find the key or the plaintext. Essentially, there are two publicized ways to cryptanalyze DES: differential and linear. Discovered by Biham and Shamir in 1990, differential cryptanalysis was previously unknown to the public. In short, differential cryptanalysis looks at the difference between pairs of ciphertext and uses the information about these differences to find the key. Linear cryptanalysis, discovered by M. Matsui, on the other hand, uses a method called linear approximations to analyze block ciphers (not only DES). Because some internal structures used in DES are not designed to be strong against linear cryptanalysis, it is quite effective when used against DES. To show that the DES is inadequate and should not be used in important systems anymore, RSA Data Security [7] sponsored a challenge to see how long it would take to decrypt successively more difficult algorithms (see
http://www.rsasecurity.com/rsalabs/challenges/ for more in-formation). Two organizations played key roles in breaking the DES: the distributed.net and the Electronic Frontier
....
Rijndael
Rijndael [4] (pronounced "Reign Dahl", "Rain Doll", or "Rhine Dahl") was designed by Joan Daemen, PhD (Proton World International, Belgium) and Vincent Rijmen (Catholic University of Leuven, Belgium). Both authors are internationally known cryptographers. Rijndael is an efficient, symmetric block cipher. It supports key and block sizes of 128, 192, and 256 bits. The main design goals for the algorithm were simplicity, performance, and strength (that is, resistance against cryptanalysis). When used in Cipher Block Chaining Message Authentication Code (CBC MAC) mode, Rijndael can be used as a MAC algorithm; it also may be used as a hash function and as a pseudo random number generator (both are special mathematical functions widely used in cryptography; an example of a hash function is Message Digest 5 (MD5)—a popular message digest algorithm by Ron Rivest). In their specification of the algorithm, the authors specifically state the strength of Rijndael against differential, truncated differential, linear, interpolation, and Square attacks. Although Rijndael is not based on Square [8], some ideas from the Square algorithm design are used in Rijndael.
Square is a 128-bit symmetric iterated block cipher designed by Daemen, Rijnmen, and Knudsen. Its primary design goal was strength against both linear and differential cryptanalyses; the high degree of parallelism of the Square algorithm allows efficient implementation on parallel computers.
Of course, the length of the key is also very important, especially because the most efficient known attack against Rijndael is an exhaustive key search. It would take 2255 runs of Rijndael to find a key 256 bits long. To the credit of the authors, Rijndael does not use "parts" or tables from other algorithms, making it easy to implement alone.
---------------------------
originaly posted at
http://www.cisco.com/warp/public/759...j_4-2_des.html By
Edgar Danielyan
-----
I hope you know whois Edgar Danilyan
if not visit his
http://www.danielyan.com/
New encryption standart! AES
