|
|
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
DES, officially approved as a standard in 1977, heralded a new era in cryptography. Prior to DES, hardly anything about cryptography was in the realm of public interest and analysis. DES changed all that, however. By certifying a secure algorithm, the government opened an avenue for studying and attacking cryptographic algorithms. (Note: See the sidebar for a brief description of cryptanalysis, a complementary field to cryptography. Cryptanalysis is the science of attacking cryptographic algorithms.)
There have been several criticisms directed at DES, including its inadequate 56-bit key length and an alleged trapdoor inserted by the National Bureau of Standards (NBS), the predecessor to today's National Institute of Standards and Technology (NIST). Despite these gripes and further claims of attacks, DES has withstood the test of time, until recently: in January 1999, a cobbled-together network of 100,000 PCs cracked a DES-encoded message in slightly less than 24 hours.
It was apparent that with the availability of cheaper and faster hardware, DES would be rendered untenable in a few years. To address this problem, the NIST issued a Request For Comment (RFC) in 1997 for a standard -- to be called AES, or the Advanced Encryption Standard -- to replace DES. NIST would work closely with the industry and the cryptographic community to develop this next-generation private-key algorithm.
As a bit of background, private-key cryptography uses a secret key for both encryption and decryption. The algorithm employs several iterations, referred to as rounds. Each round uses a subkey derived from the key. The transformation from plaintext to ciphertext and vice versa uses the subkey and progresses through the rounds. The selection or generation of subkeys is referred to as the key schedule.
Usually, both encryption and decryption processes use the same algorithm, with the key schedule being different.
(Note: For an introduction to computer security and cryptography, see "Java Security Evolution and Concepts, Part 1: Security Nuts and Bolts," also by Raghavan N. Srinivas.)
To be a successful replacement to DES, the AES algorithm design would need to satisfy a number of criteria: strong security, simple design, good performance, and so on.
Security obviously holds the top priority for the AES algorithm. With security in mind, the algorithm must account for future resiliency -- the algorithm's designed-in ability to withstand future attacks.
Moreover, the algorithm design, contrary to conventional wisdom, should be simple so that it can be successfully cryptanalyzed.
Next on the AES criteria list: good performance. Widespread market adoption will require reasonably good performance on a variety of platforms, ranging from easy-to-crack smart cards to the largest servers. Good algorithm performance includes speed for the encryption and decryption process as well as the key schedule.