STRATEGIC PARTNERS
December 5, 2001
WASHINGTON, D.C. -- The U.S. government has approved a new data encryption standard to protect sensitive information in federal computer systems, replacing a dated and less-than-secure standard implemented in 1977, according to a Newsbytes report.
The National Institute for Standards and Technology (NIST) selected the Advanced Encryption Standard (AES), a new encryption technology that will be used to beef up security for a range of electronic transactions, from ATM withdrawals to e-mail to e-commerce.
"The AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans," U.S. Commerce Department Secretary Don Evans said in a written statement.
The announcement caps a four-year competition for the new standard, in which cryptographic experts worldwide were invited to try to crack candidate encryption codes to test their integrity.
The winning standard, named Rijndael (pronounced "Rain Doll"), is named after its co-creators, Belgian cryptographers Joan Daemen and Vincent Rijmen.
Rijndael uses an algorithm that encodes electronic communications by generating random numbers using 128, 192, or 256-bit encryption keys.
To give some idea of the added complexity of the new key, the standard in place for the past 20 years relied on a 56-bit key, which provided for approximately 10,000,000,000,000,000 different keys. By comparison, the new 128-bit keys provide a sextillion times greater number of possible keys (a number expressed by 340 followed by 36 zeros.)
The earlier standard was cracked in the late 1990s after researchers developed machines that could recover a 56-bit key within a few hours. According to NIST, assuming that one could build a machine capable of recovering a 56-bit key in one second, it would take that same machine roughly 149 trillion years to crack a 128-bit AES key.
The Commerce Department said it expects the new encryption standard to remain secure "well beyond 20 years."
