Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

[STDS-802-16] FW: Pease circulate as appropriate



This may be of interest to 802.16 participants, since the baseline encryption mode in 802.16 uses DES-CBC.
 
DJ
 


From: Walker, Jesse
Sent: Wednesday, July 28, 2004 12:47 PM
To: Johnston, Dj
Subject: Pease circulate as appropriate

-----------------------------------------------------------------------

 

DEPARTMENT OF COMMERCE

 

National Institute of Standards and Technology

 

[Docket No. 040602169-4169-01]

 

 

Announcing Proposed Withdrawal of Federal Information Processing

Standard (FIPS) for the Data Encryption Standard (DES) and Request for

Comments

 

AGENCY: National Institute of Standards and Technology (NIST),

Commerce.

 

ACTION: Notice; request for comments.

 

-----------------------------------------------------------------------

 

SUMMARY: The Data Encryption Standard (DES), currently specified in

Federal Information Processing Standard (FIPS) 46-3, was evaluated

pursuant to its scheduled review. At the conclusion of this review,

NIST determined that the strength of the DES algorithm is no longer

sufficient to adequately protect Federal government information. As a

result, NIST proposes to withdraw FIPS 46-3, and the associated FIPS 74

and FIPS 81.

    Future use of DES by Federal agencies is to be permitted only as a

component function of the Triple Data Encryption Algorithm (TDEA). TDEA

may be used for the protection of Federal information; however, NIST

encourages agencies to implement the faster and stronger algorithm

specified by FIPS 197, Advanced Encryption Standard (AES) instead. NIST

proposes issuing TDEA implementation guidance as a NIST Recommendation

via its ``Special Publication'' series (rather than as a FIPS) as

Special Publication 800-67, Recommendation for Implementation of the

Triple Data Encryption Algorithm (TDEA).

 

DATES: Comments on the proposed withdrawal of DES must be received on

or before September 9, 2004.

 

ADDRESSES: Official comments on the proposed withdrawal of DES may

either be sent electronically to  DEScomments@nist.gov  or by regular

mail to: Chief, Computer Security Division, Information Technology

Laboratory, ATTN: Comments on Proposed Withdrawal of DES, 100 Bureau

Drive, Stop 8930, National Institute of Standards and Technology,

Gaithersburg, MD 20899-8930.

 

FOR FURTHER INFORMATION CONTACT: Mr. William Barker (301) 975-8443,

wbarker@nist.gov, National Institute of Standards and Technology, 100

Bureau Drive, STOP 8930, Gaithersburg , MD 20899-8930.

 

SUPPLEMENTARY INFORMATION: In 1977, the Federal government determined

that, while the DES algorithm was adequate to protect against any

practical attack for the anticipated 15-year life of the standard, DES

would be reviewed for adequacy every five years. DES is now vulnerable

to key exhaustion using massive, parallel computations.

    The current Data Encryption Standard (FIPS 46-3) still permits the

use of DES to protect Federal government information. Since the

strength of the original DES algorithm is no longer sufficient to

adequately protect Federal government information, it is necessary to

withdraw the standard.

    In addition, NIST proposes the simultaneous withdrawal of FIPS 74,

Guidelines for Implementing and Using the NBS Data Encryption Standard

and FIPS 81, DES Modes of Operation. FIPS 74 is an implementation

guideline specific to the DES. An updated NIST Special Publication 800-

21, Guideline for Implementing Cryptography in the Federal Government,

will provide generic implementation and use guidance for NIST-approved

block cipher algorithms (e.g., TDEA and AES). Because it is DES-

specific, and DES is being withdrawn, the simultaneous withdrawal of

FIPS 74 is proposed.

    FIPS 81 defines four modes of operation for the DES that have been

used in a wide variety of applications. The modes specify how data is

to be encrypted (cryptographically protected)