A Nation Waits With Bated Breath

by Mr. Bad

2000-10-01 22:10:24

Encryption

Wow! It's like the night before Christmas all over Encryption Land!~ Because just HOURS from now the Encryption Fairies at the National Institute of Standards and Technology will announce the Advanced Encryption Standard (AES), the new government-mandated way to encrypt your datur!

The NIST has been evaluating all kinds of different encryption algorithms to choose the new encryption standard that all Federal agencies have to use for their datur encryption needs. People familiar with encryption know that the PREVIOUS government-mandated algorithm, the equally-boringly-acronymed Digital Encryption Standard (DES), is so goddamned ubiquitous that it's part and parcel of practically every commercial or Free Software encryption package in existence.

But good ol' DES and its big brother, Triple DES, are getting a little long in the tooth, so to speak. The original DES, which uses a piddly 56-bit length key, was cracked by the Electronic Frontier Foundation to show that it sucked and was poor protection for people's privacy. So it seems to all parties concerned -- including, strangely, the Feds -- that it's time to get a new encryption algorithm on the table.

Now, the AES search has come to a close, and TOMORROW the NIST makes its announcement about new encryption standard. There are a few cool factors about this whole thing. ONE is that the whole damn thing has taken place in the open air, with source code available for all implementations, and lots of academic conferences and shit to decide on the right standard. This is the Right Thing.

Second, no talk about "key recovery" standards. Those are algorithms where the Feds can basically build a back-door into the encryption system to take your encrypted datur if they feel like it. "Key recovery" systems tend to be very closed-source, back-room, fuck-you-if-you-don't-like-it-we're-the-feds type systems. There have been proposed standards for back-doored encryption coming out of the White House for years -- it's nice to see that it's not even mentioned here. Let's just all agree that back doors suck ass, both for the public and private sector, and move on, shall we?

Third, the NIST is threatening LEGAL ACTION under anti-trust laws to anyone who submits an algorithm without specifying in detail the intellectual property implications (patent, copyright, etc.) for the algorithm. Which, like, BEAU-JO-FUCKING-LAIS!, and royal fuck-yous all around to ambush-patent-pirates like Unisys.

But the SUPER COOL part of the whole AES thing -- the part that completely rocks ass -- is that, of the 5 finalist algorithms, THREE of them (Serpent, Twofish, and Rijndael, are patent or copyright free. That's right! It's possible that the next standard for encryption will be an open algorithm, subjected to academic scrutiny by the cryptographic community, and in the public domain. Which, like, huzzah!

So, if you see this article in time, rush on over to the NIST Web site and watch the Real Video LIVE VIDEO SIMULCAST of the announcement of the AES standard. Yippity fuck! Let's do some encrypting!

Check it out yourself

xandria@pigdog.org