DES set for overhaul

The National Institute of Standards and Technology is preparing to change for the first time in almost 20 years the required federal standard for the protection of all encrypted government data characterized as sensitive but unclassified.

NIST is preparing a Federal Register request for an algorithm to succeed the Data Encryption Standard said Anne Enright Shepherd a NIST spokeswoman. DES is the national encryption standard that has been prominent in all but the most secret agencies and is offered in the products of most federal contractors.For example DES is embedded in all of the government's secure telephones the Energy Department has multiple networks that use DES it is the basis for the Treasury Department's electronic funds transfer program and the Federal Reserve uses DES to encrypt connections between the depository financial institutions and Federal Reserve banks.

The request will have to be approved by NIST officials the Commerce Department and the Office of Management and Budget. Shepherd said it is being "worked through the process." She could not provide any details before its publication.

She did say however that because of the "huge installed base of DES products being used by the government " many agencies have asked for a transition period if any changes are made.

Use of DES in both the public and private sectors is extensive said Frank Dzubeck president of Washington D.C.-based Communications Network Architects Inc.

"DES is pretty much the encryption standard being used by most of the vendors in the world for standard encryption " he said.

"The government was the instigator the last time of DES and it fed very quickly into the commercial space " he added.

As a result of the widespread use vendors and government users would be affected by any change to the standard.

"Everyone who is using DES will have to change from a federal standpoint " Dzubeck said. "Anybody that deals with the federal government will have to change. The ripple effect is significant."

DES was first published in 1977. Regardless of which algorithm is tapped to replace DES the trick to its success will be to convince the commercial sector to invest in the change in an encryption standard without widespread evidence of its need said Mike Schwartz president of Prime Factors Inc. an Oregon-based security firm.

"Even if NIST were to say `Here is a new standard ' why would anyone do anything about it because DES shows no sign of weakening " he said.