Security Portal: Advanced Encryption Standard ReleasedOct 03, 2000, 22:04 (4 Talkback[s])
(Other stories by Kurt Seifried)
"About 25 years ago the US NBS (National Board of Standards, renamed to NIST) put out a call for an encryption algorithm, unfortunately at that time public cryptography was minimal (they mostly worked for the NSA). Another call was put out in the federal register to which IBM responded with an algorithm called "Lucifer". This is where things get interesting. Originally Lucifer used a 128 bit key, however after the NSA got involved the key length was reduced to 56 bits, making it 4,722,366,482,869,645,213,696 times easier to brute force the key (2^72). This is rather interesting because it made it possible for the EFF to design and build a custom chip that had one purpose, to brute force DES keys. For less then $250,000 they engineered and manufactured a machine that could run through the entire 56 bit key space in a matter of days (less then 5 days on average). This was accomplished by a small public effort and completed in January of 1999."
"This is especially interesting since the NSA is many years ahead of public cryptographic efforts (the NSA is the world's largest employer of mathematicians). People realized that DES on it's own was secure against casual attackers, but not against a reasonably determined attacker, so 3DES was created, basically 2 56 bit keys are used to encrypt the data, first the A key, then the B key, then the A key again. This makes the resulting effort required to brute force it exponentially higher, unless there is some fundamental flaw in DES it probably isn't possible to brute force it. This of course creates a new problem, the resulting encryption and decryption is extremely slow and computationally expensive. NIST responded to this several years ago by calling for a replacement for DES, the AES (Advanced Encryption Standard), which has now been chosen and announced."
"AES must be faster, stronger and cheaper to implement then DES. It had to be fast when implemented in software, and small so it could be implemented in hardware (token cards/etc). It has to be highly resistant to attack since like DES it will be in service for a long time (to put it in perspective UNIX measures time in seconds since 1970, the "epoch"). After a lengthy process of many submissions it was whittled down to 5 finalists. At this point these algorithms are reasonably safe, they have been analyzed in great detail, and while some concerns have been found in most cases they are minor or easily solved (i.e. using more rounds). The algorithm chosen was Rijndael."