National Institute of Standards and Technology (NIST), Commerce.
The Secretary of Commerce has approved the withdrawal of FIPS 46-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. These FIPS are withdrawn because FIPS 46-3, DES, no longer provides the security that is needed to protect Federal government information. FIPS 74 and 81 are associated standards that provide for the implementation and operation of the DES. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which was approved for Federal government use in November 2001. FIPS 197 specifies a faster and stronger algorithm than the DES for encryption. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm to provide cryptographic protection for their information. This algorithm and its uses have been specified in NIST Special Publication 800-67, Recommendations for the Triple Data Encryption Algorithm (TDEA) Block Cipher, issued in May 2004. FIPS 197 and SP 800-67 are available on NIST's Web pages. The content of these withdrawn standards will remain available at http://csrc.nist.gov/publications/fips/index.html as reference documents and these three FIPS will be listed as withdrawn, rather than current FIPS.
These standards are withdrawn as of May 19, 2005.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Mr. William Barker (301) 975-8443, firstname.lastname@example.org, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.End Further Info End Preamble Start Supplemental Information
In July 2004, a notice was published in the Federal Register proposing the withdrawal of FIPS 46-3, DES; FIPS 74, Start Printed Page 28908Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST Web site.
Comments and questions were received from thirteen private sector organizations or individuals, and two federal government organizations. Seven of the submitted comments supported the withdrawal of the DES. Five comments recognized the inadequacy of the DES and did not oppose the withdrawal, but raised transition issues or suggested that NIST keep the specifications available for private sector organizations that wish to use them or make provisions for continued use of the DES. One industry organization and two individuals opposed the withdrawal of the DES, citing the large investments made in DES technology by their organizations and others.
Following is an analysis of the comments dealing with technical and transition issues.
Comment: NIST should consider allowing the continued use of DES implementations that only decrypt data, enabling agencies to recover the data that they have already encrypted using the DES.
Response: NIST guidance contained in draft Special Publication 800-57, Recommendation for Key Management, Part 1 General Guideline, covers this situation. SP 800-57 expands on guidance issued in Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, and recommends that agencies re-encrypt information that had been encrypted using an algorithm and key size that no longer provide adequate protection. Thus, Federal government information that has been encrypted with the DES should be re-encrypted using a FIPS-approved algorithm and an appropriate key size that agencies determine will provide adequate security for the information for the remainder of its life.
Comment: NIST should note certain limits that might be reached when using two-key Triple DES. The recommended safe default when using two-key Triple-DES is to re-key before encrypting 240 blocks.
Response: These specific applications and requirements are outside the scope of the recommended action to withdraw FIPS 46-3 and two associated standards.
Comment: NIST should retain the availability of the technique in FIPS 74 that specifies the encryption of numeric data into numeric data. This technique is used to protect customer data that a bank might share with a telemarketing firm.
Response: NIST will place FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard, on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. The standard will be marked as inadequate for the protection of Federal government information.
Comment: NIST should provide a timetable and a transition strategy for the discontinuation of the use of DES implementations. NIST should clarify the transition from the use of applied and embedded DES products.
Response: A proposed transition strategy for validating algorithms and cryptographic modules has been posted for public comment on NIST's Web page at http://csrc.nist.gov/cryptval/ under “Notices.” The transition plan addresses the use by Federal agencies of DES implementations, which are incorporated in cryptographic modules, and which have been validated under the Cryptographic Module Validation Program. The transition plan allows Federal agencies and vendors to make a smooth transition to stronger cryptographic algorithms such as AES or Triple-DES.
Comment: The DES should be retained because it is widely used in the market.
Response: NIST believes that the DES no longer provides adequate protection for Federal government information, and therefore recommends withdrawal of FIPS 46-3 and associated standards. When FIPS 46-3 was reaffirmed in 1999, the standard stated that NIST could no longer support the use of single DES for many applications, and that agencies with legacy single DES systems should start the transition to Triple DES. The specifications for the standards that have been withdrawn will be placed on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. All of the withdrawn standards will be marked as inadequate for the protection of Federal government information, but will be available to private sector organizations that wish to use them.
Comment: FIPS 46-3 and associated standards are used in the commercial world and serve important functions, including use by the entertainment industry for real-time broadcast security, to prevent unrestricted copying of files, and for the security of digital television signals. The standards should be reaffirmed for use by non-government organizations or made available in electronic form to non-government organizations that wish to use them.
Response: The specifications for FIPS 46-3 (DES) and the associated standards will be placed on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. All of the withdrawn standards will be marked as inadequate for the protection of Federal government information, but will be available to private sector organizations that wish to use them.
Comment: NIST should issue the Triple-DES as a FIPS and encourage implementers to use both the TDES and the Advanced Encryption Standard in their products.
Response: Although both AES and three-key TDES are considered adequate for the protection of Federal government information for many years, TDES is less efficient and is slightly less secure than AES. In order to encourage the use of AES over TDES, AES has been published as a Standard (FIPS 197), whereas TDES was published as a NIST Recommendation (Special Publication 800-67).
Therefore, as of the date of this Federal Register notice, FIPS 46-3, Data Encryption Standard is withdrawn as it no longer provides the security that is needed to protect Federal government information. FIPS 74, Guidelines for Implementing and Using the NBS Encryption Standard and FIPS 81, DES Modes of Operation, are also withdrawn, as they are associated standards that provide for the implementation and operation of the DES.
E.O. 12866: This notice has been determined to be significant for the purposes of E. O. 12866.Start Signature
Dated: May 12, 2005.
Hratch G. Semerjian,
Acting Director, NIST.
[FR Doc. 05-9945 Filed 5-18-05; 8:45 am]
BILLING CODE 3510-CN-P