Forwarded From: Jason Terwilliger <jlt8903@osfmail.isc.rit.edu>
March 31, 1998
U.S. Group Delays Encryption Standard
By JOHN MARKOFF
A government standards group has delayed the adoption of a new data
scrambling standard for protecting the world's most sensitive financial
transactions, including most banks' electronic funds transfers, after the
discovery by two computer scientists of a weakness that could allow the
code to be cracked.
The flaw was discovered by Eli Biham, a well-known cryptographer at the
Technion research institution in Israel, and by Lars Knudsen at the
University of Bergen in Norway.
A paper detailing their discovery is to be presented at a technical
conference in May.
In their paper, which is available on the Technion Web site, Biham and
Knudsen report that an ultra-strong version of the United States Data
Encryption Standard known as Triple D.E.S. can under certain circumstances
be reduced in strength so that it is no more robust than the current
encryption algorithm, which financial institutions have widely used as a
security mechanism for several decades.
Computer security experts are eager to replace the current code because it
has become vulnerable to new code-cracking techniques. When the code was
developed, its designers had predicted that if it could be broken it would
take hundreds of years, requiring constant trial-and-error calculations by
the world's fastest supercomputers.
But the code was publicly broken for the first time last year by a loosely
organized group of computer users just to show that it could be done.
Thousands of members of the group volunteered the use of their own
computers, ranging from desktop PC's to supercomputers, whose processors
were combined over the Internet to attack the problem over a five-month
period with an approach known as massively distributed computing. In
distributed computing, each computer tests just a few of a vast array of
possible keys, or numbers, to break the code.
The strength of most modern encryption systems is determined by
the length of the numerical key that is used to encrypt the
information. While the proposed new standard uses a key the same
length as the current key -- 56 bits -- it encrypts the message three
times with three different keys. For each key, there are several
possible ways of encrypting the data, known as modes. Mr. Biham and Mr.
Knudsen said the flaw appeared in a single mode of the Triple
D.E.S. proposal, which is before a subcommittee of the American National
Standards Institute.
The scientists stressed in an interview that their paper, which also
proposes several modifications to strengthen the standard, described only
a theoretical weakness and not a practical means of breaking the Triple
D.E.S. But they suggested that the weakness was cause for concern.
As a result of the distribution of the paper within the subcommittee, it
decided to drop the vulnerable mode of the proposed standard, said the
chairman, Blake Greenlee.
"My hat's off to Eli; he did a nice job," Greenlee said. The subcommittee
that is evaluating the standards is known as X9.F1, and it oversees the
development of new cryptographic tools.
The subcommittee is now awaiting final approval of its revised standard by
the entire committee, he said. Once the committee gives its approval,
there is a 60-day public comment period before the new standard takes
effect.
The Triple D.E.S. is intended to serve as a stopgap measure while the
National Institute for Standards and Technology completes work on a still
more secure design known as the Advanced Encryption Standard, or A.E.S.
Competing proposals for that system, which is intended to protect computer
data transmissions well into the next century, will be submitted this
summer.
The A.E.S. will have key lengths of 128, 192 and 256 bits, as compared
with the current 56-bit length of D.E.S., placing it safely beyond the
reach of the most powerful computers now anticipated for the future.
The original D.E.S. key is a secret number that is used to perform a
series of mathematical scrambling operations on a message or on other
computer data. When the scrambled message is received, the same secret key
is used to reverse the process and unscramble the data.
The current D.E.S. is based on research that was originally done at the
International Business Machines Corporation's Thomas J. Watson Research
Laboratory in the 1970's as part of a project code-named "Lucifer." It was
adopted as a national standard in 1977.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Tue Mar 31 12:30:18 1998