Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 46-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation
A Notice by the National Institute of Standards and Technology on 05/19/2005
Document Details
Information about this document as published in the Federal Register.
- Publication Date: 05/19/2005
- Agencies: National Institute of Standards and Technology
- Dates: These standards are withdrawn as of May 19, 2005.
- Document Type: Notice
- Document Citation: 70 FR 28907
- Page: 28907-28908 (2 pages)
- Agency/Docket Number: Docket No. 040602169-5002-02
- Document Number: 05-9945
AGENCY:
National Institute of Standards and Technology (NIST), Commerce.
ACTION:
Notice.
SUMMARY:
The Secretary of Commerce has approved the withdrawal of FIPS 46-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. These FIPS are withdrawn because FIPS 46-3, DES, no longer provides the security that is needed to protect Federal government information. FIPS 74 and 81 are associated standards that provide for the implementation and operation of the DES. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which was approved for Federal government use in November 2001. FIPS 197 specifies a faster and stronger algorithm than the DES for encryption. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm to provide cryptographic protection for their information. This algorithm and its uses have been specified in NIST Special Publication 800-67, Recommendations for the Triple Data Encryption Algorithm (TDEA) Block Cipher, issued in May 2004. FIPS 197 and SP 800-67 are available on NIST's Web pages. The content of these withdrawn standards will remain available at http://csrc.nist.gov/publications/fips/index.html as reference documents and these three FIPS will be listed as withdrawn, rather than current FIPS.
DATES:
These standards are withdrawn as of May 19, 2005.
FOR FURTHER INFORMATION CONTACT:
Mr. William Barker (301) 975-8443, wbarker@nist.gov, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.
SUPPLEMENTARY INFORMATION:
In July 2004, a notice was published in the Federal Register proposing the withdrawal of FIPS 46-3, DES; FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST Web site.
Comments and questions were received from thirteen private sector organizations or individuals, and two federal government organizations. Seven of the submitted comments supported the withdrawal of the DES. Five comments recognized the inadequacy of the DES and did not oppose the withdrawal, but raised transition issues or suggested that NIST keep the specifications available for private sector organizations that wish to use them or make provisions for continued use of the DES. One industry organization and two individuals opposed the withdrawal of the DES, citing the large investments made in DES technology by their organizations and others.
Following is an analysis of the comments dealing with technical and transition issues.
Comment: NIST should consider allowing the continued use of DES implementations that only decrypt data, enabling agencies to recover the data that they have already encrypted using the DES.
Response: NIST guidance contained in draft Special Publication 800-57, Recommendation for Key Management, Part 1 General Guideline, covers this situation. SP 800-57 expands on guidance issued in Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, and recommends that agencies re-encrypt information that had been encrypted using an algorithm and key size that no longer provide adequate protection. Thus, Federal government information that has been encrypted with the DES should be re-encrypted using a FIPS-approved algorithm and an appropriate key size that agencies determine will provide adequate security for the information for the remainder of its life.
Comment: NIST should note certain limits that might be reached when using two-key Triple DES. The recommended safe default when using two-key Triple-DES is to re-key before encrypting 2^40 blocks.
Response: These specific applications and requirements are outside the scope of the recommended action to withdraw FIPS 46-3 and two associated standards.
Comment: NIST should retain the availability of the technique in FIPS 74 that specifies the encryption of numeric data into numeric data. This technique is used to protect customer data that a bank might share with a telemarketing firm.
Response: NIST will place FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard, on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. The standard will be marked as inadequate for the protection of Federal government information.
Comment: NIST should provide a timetable and a transition strategy for the discontinuation of the use of DES implementations. NIST should clarify the transition from the use of applied and embedded DES products.
Response: A proposed transition strategy for validating algorithms and cryptographic modules has been posted for public comment on NIST's Web page at http://csrc.nist.gov/cryptval/ under “Notices.” The transition plan addresses the use by Federal agencies of DES implementations, which are incorporated in cryptographic modules, and which have been validated under the Cryptographic Module Validation Program. The transition plan allows Federal agencies and vendors to make a smooth transition to stronger cryptographic algorithms such as AES or Triple-DES.
Comment: The DES should be retained because it is widely used in the market.
Response: NIST believes that the DES no longer provides adequate protection for Federal government information, and therefore recommends withdrawal of FIPS 46-3 and associated standards. When FIPS 46-3 was reaffirmed in 1999, the standard stated that NIST could no longer support the use of single DES for many applications, and that agencies with legacy single DES systems should start the transition to Triple DES. The specifications for the standards that have been withdrawn will be placed on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. All of the withdrawn standards will be marked as inadequate for the protection of Federal government information, but will be available to private sector organizations that wish to use them.
Comment: FIPS 46-3 and associated standards are used in the commercial world and serve important functions, including use by the entertainment industry for real-time broadcast security, to prevent unrestricted copying of files, and for the security of digital television signals. The standards should be reaffirmed for use by non-government organizations or made available in electronic form to non-government organizations that wish to use them.
Response: The specifications for FIPS 46-3 (DES) and the associated standards will be placed on NIST's Web page at http://www.itl.nist.gov/fipspubs/ under Withdrawn FIPS. All of the withdrawn standards will be marked as inadequate for the protection of Federal government information, but will be available to private sector organizations that wish to use them.
Comment: NIST should issue the Triple-DES as a FIPS and encourage implementers to use both the TDES and the Advanced Encryption Standard in their products.
Response: Although both AES and three-key TDES are considered adequate for the protection of Federal government information for many years, TDES is less efficient and is slightly less secure than AES. In order to encourage the use of AES over TDES, AES has been published as a Standard (FIPS 197), whereas TDES was published as a NIST Recommendation (Special Publication 800-67).
Therefore, as of the date of this Federal Register notice, FIPS 46-3, Data Encryption Standard is withdrawn as it no longer provides the security that is needed to protect Federal government information. FIPS 74, Guidelines for Implementing and Using the NBS Encryption Standard and FIPS 81, DES Modes of Operation, are also withdrawn, as they are associated standards that provide for the implementation and operation of the DES.
Authority: Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 and the Federal Information Security Management Act of 2002, Public Law 107-347.
E.O. 12866: This notice has been determined to be significant for the purposes of E.O. 12866.
Dated: May 12, 2005.
Hratch G. Semerjian,
Acting Director, NIST.
[FR Doc. 05-9945 Filed 5-18-05; 8:45 am]
BILLING CODE 3510-CN-P