DES Final Death Knell?

It's already on its way out, but last week's CCA hack might be the last straw for the encryption standard.

November 14, 2001

Any company still securing its systems with single Data Encryption Standard (DES) encryption may want to rethink its security posture. Last week, Cambridge computing students Michael Bond and Richard Clayton devised a hack that revealed weaknesses in the Common Cryptographic Architecture API, used by an IBM 4758.

"Straight DES has been dead for a year," Gartner security analyst John Pescatore says. "Triple DES is the minimum you should be using currently, and now is the time to be moving to" Advanced Encryption Standard.

Single DES is a NIST-standard secret cryptography key method that uses a 56-bit key, and is based on an algorithm designed by IBM and the U.S. National Security Agency. Triple DES uses three keys to encrypt data.

Advanced Encryption Standard was selected by the U.S. Department of Commerce in October 2000 and is expected to eventually replace triple DES. Unlike DES, which is limited to key lengths of 56 bits, AES can support 128-, 192-, and 256-bit keys.

More Insights

White Papers

More White Papers

Webinars

More Webinars

Reports

More Reports

Editor's Choice

Special Report: How Fragile is the Cloud, Really?

Sara Peters, Editor-in-Chief, InformationWeek / Network Computing

10 Creative Ways to Slice IT Costs

Pam Baker, Contributing Writer