1 min read

DES Final Death Knell?

It's already on its way out, but last week's CCA hack might be the last straw for the encryption standard.
Any company still securing its systems with single Data Encryption Standard (DES) encryption may want to rethink its security posture. Last week, Cambridge computing students Michael Bond and Richard Clayton devised a hack that revealed weaknesses in the Common Cryptographic Architecture API, used by an IBM 4758.

"Straight DES has been dead for a year," Gartner security analyst John Pescatore says. "Triple DES is the minimum you should be using currently, and now is the time to be moving to" Advanced Encryption Standard.

Single DES is a NIST-standard secret cryptography key method that uses a 56-bit key, and is based on an algorithm designed by IBM and the U.S. National Security Agency. Triple DES uses three keys to encrypt data.

Advanced Encryption Standard was selected by the U.S. Department of Commerce in October 2000 and is expected to eventually replace triple DES. Unlike DES, which is limited to key lengths of 56 bits, AES can support 128-, 192-, and 256-bit keys.