National Institute of Standards and Technology (NIST), Commerce.
Notice; request for comments.
The Data Encryption Standard (DES), currently specified in Federal Information Processing Standard (FIPS) 46-3, was evaluated pursuant to its scheduled review. At the conclusion of this review, NIST determined that the strength of the DES algorithm is no longer sufficient to adequately protect Federal government information. As a result, NIST proposes to withdraw FIPS 46-3, and the associated FIPS 74 and FIPS 81.
Future use of DES by Federal agencies is to be permitted only as a component function of the Triple Data Encryption Algorithm (TDEA). TDEA may be used for the protection of Federal information; however, NIST encourages agencies to implement the faster and stronger algorithm specified by FIPS 197, Advanced Encryption Standard (AES) instead. NIST proposes issuing TDEA implementation guidance as a NIST Recommendation via its “Special Publication” series (rather than as a FIPS) as Special Publication 800-67, Recommendation for Implementation of the Triple Data Encryption Algorithm (TDEA).
Comments on the proposed withdrawal of DES must be received on or before September 9, 2004.
Official comments on the proposed withdrawal of DES may either be sent electronically to DEScomments@nist.gov or by regular mail to: Chief, Computer Security Division, Information Technology Laboratory, ATTN: Comments on Proposed Withdrawal of DES, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Mr. William Barker (301) 975-8443, firstname.lastname@example.org, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.End Further Info End Preamble Start Supplemental Information
In 1977, the Federal government determined that, while the DES algorithm was adequate to protect against any practical attack for the anticipated 15-year life of the standard, DES would be reviewed for adequacy every five years. DES is now vulnerable to key exhaustion using massive, parallel computations.
The current Data Encryption Standard (FIPS 46-3) still permits the use of DES to protect Federal government information. Since the strength of the original DES algorithm is no longer sufficient to adequately protect Federal government information, it is necessary to withdraw the standard.
In addition, NIST proposes the simultaneous withdrawal of FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard and FIPS 81, DES Modes of Operation. FIPS 74 is an implementation guideline specific to the DES. An updated NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, will provide generic implementation and use guidance for NIST-approved block cipher algorithms (e.g., TDEA and AES). Because it is DES-specific, and DES is being withdrawn, the simultaneous withdrawal of FIPS 74 is proposed.
FIPS 81 defines four modes of operation for the DES that have been used in a wide variety of applications. The modes specify how data is to be encrypted (cryptographically protected) Start Printed Page 44510and decrypted (returned to original form) using DES. The modes included in FIPS 81 are the Electronic Codebook (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode. NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, specifies modes of operation for generic block ciphers. Together with an upcoming message authentication code recommendation, SP 800-38B, SP 800-38A is a functional replacement for FIPS 81. FIPS 81 is DES-specific and is proposed for withdrawal along with FIPS 46-3 and FIPS 74.
NIST invites public comments on the proposed withdrawal of FIPS 46-3, FIPS 74 and FIPS 81. After the comment period closes, NIST will analyze the comments and make appropriate recommendations for action to the Secretary of Commerce.
Future use of FIPS 46-3 by Federal agencies is proposed to be permitted only as a component function of the Triple Data Encryption Algorithm or “TDEA.” TDEA encrypts each block three times with the DES algorithm, using either two or three different 56-bit keys. This approach yields effective key lengths of 112 or 168 bits. TDEA is considered a very strong algorithm. The original 56-bit DES algorithm can be modified to be interoperable with TDEA.
Though TDEA may be used for several more years to encourage widespread interoperability, NIST instead encourages agencies to implement the stronger and more efficient algorithm specified by FIPS 197, Advanced Encryption Standard (AES) when building new systems. TDEA implementation guidance will be issued as a NIST Recommendation rather than as a FIPS. NIST plans to issue TDEA as Special Publication 800-67, Recommendation for Implementation of the Triple Data Encryption Algorithm (TDEA).Start Signature
E.O. 12866: This notice has been determined not to be significant for purposes of E.O. 12866.
Dated: July 18, 2004.
Acting Director, NIST.
[FR Doc. 04-16894 Filed 7-23-04; 8:45 am]
BILLING CODE 3510-CN-P