New encryption standard will help

The Advanced Encryption Standard (AES), which the government has chosen to replace the 25-year-old Data Encryption Standard (DES), will play a big role in the future effectiveness of wireless handheld security.

AES is an algorithm that supports variable key lengths ranging from 128 bits to 256 bits. In comparison, DES has a fixed, 56-bit key length. A variation called Triple DES can use various combinations of DES keys to provide much stronger encryption, but it makes great demands on a computer's processor because it needs multiple passes to encrypt data.

Therefore, Triple DES is not a viable solution for resource-constrained devices such as handhelds and mobile phones.

The ability to handle keys of various lengths and the flexibility to add stronger encryption over time will prove to be valuable.

"We learned from DES the fallacy of a fixed-key approach," said Mike Vergara, director of product marketing at RSA Security Inc. "With AES, people can be smart enough to build in security that can apply more 'voltage' as it's needed."

AES is designated as Federal Information Processing Standard 197. The National Institute of Standards and Technology began awarding AES validations to vendor solutions earlier this year, and broad adoption of AES is expected by 2004.