December 5, 2001 7:00 AM PST
U.S. approves stronger encryption standard
- Related Stories
Congress may tighten Web securityNovember 7, 2001
The Advanced Encryption Standard (AES) is intended to protect both personal and financial data for government and commercial use. It will replace the Data Encryption Standard (DES) adopted by the National Institute of Standards and Technology (NIST) in 1977 as well as the Triple DES protocol used now.
"The AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans," Secretary of Commerce Don Evans said in a statement.
Evans announced the new standard at a meeting Tuesday with members of the Business Software Alliance.
NIST officials said the new standard could be in use for 20 years or more.
NIST, which is part of the Commerce Department, has been working on a standards project for four years. The final standard was culled from an international competition, launched in September 1997, which drew responses from 12 countries.
The standard incorporates the Rijndael (pronounced "rhine doll" or "rain doll") encryption formula, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen, who are not requiring royalties for the use of their work.
AES supports 128-bit, 192-bit and 256-bit keys, much larger than the 56-bit keys that DES supports.
Currently, specialized computers can crack a DES key after several hours of number crunching, NIST said.
Assuming that someone built a machine that could crack a DES key in one second, it would still take that machine 149 trillion years to crack a 128-bit key, according to NIST.
Products incorporating the new standard are expected to be available soon.