Johannesburg, 28 Nov 2000
Business investments in network security and secure transaction products must start taking account of the strategic requirements of the new Advanced Encryption Standard (AES). This is set to become the global standard for encrypting sensitive business data.
That`s the advice of Dr Gerhard Claassen, technology group manager: cryptography in the R&D division at JSE-listed Prism Holdings, a company focused on the development and delivery of secure transaction solutions.
According to Claassen, after three years of competition between 15 encryption algorithms, the US National Institute of Standards (NIST) has chosen the one to be adopted as the AES by governments and private industry globally.
"Businesses using cryptography to protect sensitive business data must begin to position themselves to quickly transition to the new AES as it could soon become the global encryption standard. No business can afford to be left behind in the critical area of data protection.
"This is particularly applicable to banking, financial services and healthcare organisations where protecting the privacy and integrity of sensitive data goes beyond good business sense. It may also soon be a legal requirement," he says.
The new AES, which is based on the Rijndael algorithm, is the culmination of co-operation between the US Government and private industry and academia from around the world to replace the ageing Data Encryption Standard (DES). The goal was to develop an encryption technique that has the potential to be used by millions of people in years to come.
Once accepted as the official encryption standard of the US Government, the AES is expected to become widely adopted in the public and private sectors internationally, particularly by financial institutions. This could start as early as April-May 2001.
While AES will replace the 23-year old Single DES, NIST anticipates that the infinitely more secure Triple DES, will remain an approved algorithm for the foreseeable future. The much less robust Single DES is already being phased out of use and is currently permitted in legacy systems only.
"The end of DES followed the development of DES Cracker machines that could crack the algorithm in under a day by trying all possible key values. Even though Triple DES delivers nth degree greater protection because of its enhanced, three-way, complexity, the added protection of the new AES is virtually impossible to quantify.
"If a DES key could be broken in a second, it would take the same machine approximately 149 trillion years to crack a new 128-bit AES key. As it took some 20 years for technology to develop in order to crack DES, NIST is confident that AES will be the encryption standard for the foreseeable future," Claassen concludes.
Share